【摘要】 目前大部分入侵检测系统(IDS)采用基于模式匹配的入侵检测方法,该方法由于计算量大,因而在高速网络中检测效率较低。文章提出一种新的融合漏洞扫描功能的IDS模型,通过定期对系统进行漏洞扫描,及时修补系统安全漏洞,同时IDS根据漏洞扫描结果,对模式库进行动态更新,删除与得到修补的漏洞有关的攻击模式,缩减模式库的规模,提高检测效率。文章根据该模型提出一种基于多Agent的分布式IDS体系结构,提高了系统的可扩充性。更多还原

【Abstract】 At present,most of intrusion detection systems employed a detection mechanism:the pattern matching,but due to giant computation of this mechanism, the IDS had low efficiency in high-speed network.The paper provides a new model of IDS merged vulnerability scanner.In this model,the system is scanned by the vulnerability scanner in regular time and patched the vulnerabilities in time,according to the results of the vulnerability scanner,the IDS will delete the attack patterns related with this patch in pattern library,it will decrease the size of pattern library,improve the efficiency of the IDS.Based on this model,the paper designs an IDS architecture based on multi-agent to improve the extensibility of the system.更多还原