A Distributed Network Intrusion Detection System with Active Surveillance Agent
A distributed network Intrusion Detection System (IDS) called SA-NIDS is proposed based on the network-based intrusion detection architecture. It includes three basic components, Local Intrusion Detection Monitor (LIDM), Global Intrusion Detection Controller (GIDC), and Surveillance Agent (SA). Basically, the LIDM is used to do packets capturing, packets de-multiplexing, local intrusion detection and intrusion inferring. The GIDC is installed in administration center for communicating and managing LIDMs, it can also do the intrusion detection and intrusion inferring.