Computer Applications and Software, Issue (2): 133-137, 5. DOI: 10.3969/j.issn.1000-386x.2016.02.032
Research on Distributed Intrusion Detection System Based on Multi-Agent and Ontology
Abstract
Intrusion detection systems (IDS) have been in use for about 30 years, but problems such as a high false positive rate have always plagued their users, partly because of deficiencies in knowledge representation and the IDS's lack of collaborative work. To address these problems, the paper proposes a distributed IDS based on Multi-Agent and ontology, integrating Agent and ontology technology and, on that basis, constructing the corresponding intrusion detection ontology knowledge base. The system adopts a multi-level, distributed architecture with the ontology at its core. Functionally, it is divided into three levels: probes, collaborative analysers and knowledge management. Structurally, it consists of the Agents for knowledge management, host intrusion detection, network intrusion detection, log intrusion detection, and other intrusion detection Agents. Collaboration between Agents uses a collaboration algorithm that combines the contract net model and the acquaintance coalition model. Experimental analysis verifies that, on the one hand, the system improves the interoperability of the detectors and reduces false positives and, on the other hand, it greatly cuts down communication traffic between detectors and raises the efficiency of collaboration.
Key words
Intrusion detection system/Multi-Agent/Ontology/Collaboration algorithm/Contract net/Acquaintance coalition model
Classification
Information Technology and Security Science
Cite this article
Guo Guangfeng, Ma Zhanfei. Research on Distributed Intrusion Detection System Based on Multi-Agent and Ontology[J]. Computer Applications and Software, 2016, (2): 133-137, 5.
Funding
National Natural Science Foundation of China (61163025); Scientific Research Project of Inner Mongolia Higher Education Institutions (NJZY12200).