A context-based analysis of intrusion detection for policy violation

Authors: Wan Kaiyu*; Alagar Vasu; Yang Zhong Yuan
Source: International Conference on Computational Intelligence and Security, 2007-12-15 to 2007-12-19.

Abstract

Existing intrusion detection systems (IDS) operate independently of security policy enforcement mechanisms. In current IDS, functionality is restricted to detecting only anomalies in system behavior and system misuse. To assist system administrators in restoring and strengthening system security after an intrusion is detected, this paper proposes a method that links the security violation to a non-empty subset of the policy base. A multiagent system is proposed to automate intrusion detection and analysis.