The Design and Implementation of A Distributed Intrusion Detection System for Multiple Attacks

대규모 네트워크 상의 다중공격에 대비한 분산 침입탐지시스템의 설계 및 구현

  • 최주영 (서울여자대학교 대학원 컴퓨터학 전공) ;
  • 최은정 (서울여자대학교 대학원 컴퓨터학 전공) ;
  • 김명주 (서울여자대학교 대학원 컴퓨터학 전공)
  • Published : 2001.12.01


For multiple attacks through large networks e.g., internet, IDS had better be installed over several hosts and collect all the audit data from them with appropriate synthesis. We propose a new distributed intrusion detection system called SPIDER II which is the upgraded version of the previous standalone IDS - SPIDER I. As like the previous version, SPIDER II has been implemented on Linux Accel 6.1 in CNU C. After planting intrusion detection engines over several target hosts as active agents, the administration module of SPIDER II receives all the logs from agents and analyzes hem. For the world-wide standardization on IDS, SPIDER II is compatible with MITRE's CVE(Common Vulnerabilities and Exposures).