Real-time intrusion detection in today's network environment faces the following problems: first, networks are large and a great deal of information must be processed, so the intrusion detection system needs high throughput; second, network environments are complex and data types are diverse, so the intrusion detection system needs high accuracy. To address these problems, a model of an intrusion detection system is proposed. The model is based on a distributed multi-agent architecture, adapts to changes in network scale and bandwidth, and scales well; it combines anomaly and misuse intrusion detection techniques and has low false-alarm and missed-alarm rates; it uses a multi-attribute feature extraction method that captures the characteristics of intrusive behaviour precisely and thus identifies intrusions effectively; and it constructs the classifier from radial basis functions, which gives the classifier strong generalization ability, so that unknown intrusions can be judged accurately and detection accuracy is further improved. Experiments show that the system has high throughput and high accuracy, is suited to today's high-speed, complex network environments, and is highly practical.
Real-time intrusion detection in the current network environment faces the following problems: first, the network is large and a great deal of information must be processed, which demands high throughput from the intrusion detection system (IDS); second, the network environment is complex and data types are diverse, so the IDS must also be highly accurate. To address these problems, a model of an intrusion detection system is proposed. The model uses a distributed architecture based on a multi-agent system, scales well, and adapts itself to the scale and bandwidth of the network. It combines anomaly intrusion detection with misuse intrusion detection and has low false-alert and missed-alert rates. Multi-attribute data abstraction is used to capture the features of an intrusion accurately and to support intrusion identification. The classifier is constructed with radial basis functions (RBF) so that it generalizes to unknown intrusions and can judge them effectively. Experimental results show that the system has high throughput and high accuracy, and is therefore suitable for current networks and practical to deploy.
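As an added illustration of the RBF classifier the abstract describes (this is not the authors' code; the three connection attributes, the training records, and the sigma, ridge and novelty values are all assumed): one Gaussian unit per known traffic type, output weights fitted by ridge least squares, and a novelty check for traffic that matches no prototype.

```python
import math

# Constructed training records (not from the paper), one per connection window:
# ((pkts_per_sec, distinct_dst_ports, failed_login_ratio) scaled to [0,1], traffic_type)
TRAIN = [
    ((0.10, 0.05, 0.00), "normal"), ((0.15, 0.10, 0.05), "normal"),
    ((0.20, 0.05, 0.02), "normal"), ((0.12, 0.08, 0.00), "normal"),
    ((0.90, 0.95, 0.00), "portscan"), ((0.95, 0.90, 0.05), "portscan"),
    ((0.30, 0.05, 0.95), "bruteforce"), ((0.35, 0.10, 0.90), "bruteforce"),
]
def gaussian_rbf(x, c, sigma):  # 1 at the centre c, decaying with distance from it
    d2 = sum((a - b) ** 2 for a, b in zip(x, c))
    return math.exp(-d2 / (2 * sigma * sigma))
def solve(a, b):  # Gauss-Jordan elimination with partial pivoting: returns w with a*w = b
    n = len(a)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[piv] = m[piv], m[col]
        m[col] = [v / m[col][col] for v in m[col]]
        for r in range(n):
            if r != col:
                f = m[r][col]
                m[r] = [rv - f * cv for rv, cv in zip(m[r], m[col])]
    return [m[i][n] for i in range(n)]
class RBFIntrusionClassifier:
    def __init__(self, sigma=0.3, ridge=1e-3, novelty=0.2):  # hyper-parameters are assumed values
        self.sigma, self.ridge, self.novelty = sigma, ridge, novelty
    def fit(self, records):
        # One hidden unit per known traffic type, centred on that type's mean feature vector;
        # output weights by ridge least squares against target 0 (normal) / 1 (attack).
        groups = {}
        for x, kind in records:
            groups.setdefault(kind, []).append(x)
        self.centers = [tuple(sum(v) / len(v) for v in zip(*xs)) for xs in groups.values()]
        h = [[gaussian_rbf(x, c, self.sigma) for c in self.centers] for x, _ in records]
        y = [0.0 if kind == "normal" else 1.0 for _, kind in records]
        k = len(self.centers)
        hth = [[sum(hr[i] * hr[j] for hr in h) + (self.ridge if i == j else 0.0)
                for j in range(k)] for i in range(k)]
        hty = [sum(hr[i] * yr for hr, yr in zip(h, y)) for i in range(k)]
        self.weights = solve(hth, hty)
        return self
    def classify(self, x):
        # 'unknown' when no prototype fires: traffic for the anomaly-detection path, not a verdict.
        acts = [gaussian_rbf(x, c, self.sigma) for c in self.centers]
        if max(acts) < self.novelty:
            return "unknown"
        return "attack" if sum(w * a for w, a in zip(self.weights, acts)) >= 0.5 else "normal"
```

A slower variant of a known scan still lands near the portscan prototype and is flagged, whereas a flood that resembles no prototype comes back as "unknown", which is the case the hybrid design hands to the anomaly detector because a localized RBF does not extrapolate.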