Distributed Architecture for Intrusion Detection System Based on Multi-SoftMan

"SoftMan" (SM) is a new concept based on the production of distributed technique, agent, intelligent robot and artificial life, its corresponding theory and technology fruits provide a good foundation and reference for studying the present intrusion detection systems (IDSs). Inspired by the intelligence recognition capability of SM, a novel cooperation control model for intrusion detection system based on multi-SoftMan (MSMIDS) is proposed. This model is adopted distributed architecture. In order to reduce the relativity of each detection components as far as possible and avoid the simple failure point caused by the single central analyzer, the model is adopted the non-control center multi-SoftMan architecture, which is making enough use of SM attributes, such as independence, activity, self-learning, self-adaptation, self-evolution and society. The experimental results show that MSMIDS enables member sites in the same trust community or different ones to forewarn attacks cooperatively, and possesses the higher detection rate, load balance and better self-adaptability. MSMIDS also provides a new idea for implementation of network security system.