The research of a cooperative model intrusion detection system

Abstract

The paper introduces a model of the Cooperative System of Honeypots and Intrusion Detection System (CSHIDS). The method of implementing the cooperation is: firstly, the Honeypots and HoneyWall try to record various attackers' behaviors and transfer them to Remote Log Server, secondly, the cooperative system divides the records into several classes by using the way of Unsupervised Clustering; thirdly, make the records labeled; and then extract attack-rules from the labeled records by Decision Tree; at last, add the new attack-rules to the Intrusion Detection System's rule-set in a certain time interval. The purpose is that Intrusion Detection System (IDS) can detect the new attacks. This model's effectiveness has been confirmed by the simulated experiments. © 2012 Springer-Verlag GmbH.