PURPOSE: An intrusion detection system is provided to dynamically collect intrusion information from distributed intrusion detection agents, train the distributed intrusion detection agents, and send trained detection codes to detectors to enhance intrusion detection efficiency. CONSTITUTION: An intrusion detection system comprises a plurality of detectors, a detector coordinator, a scenario generator, and a detector training engine. The detectors receive kernel audit data according to detection codes and analyze a degree of suspicion. The detector receives the degree of suspicion, determines whether an intrusion has occurred at the current computer node, and automatically takes an appropriate measure. The scenario generator virtually generates an operation sequence of a non-normal state and a normal state. The detector training engine trains the detectors via the scenario and distributes detection codes.