Abstract:
A non-embedded structures based on the ARC model,which is a combination of actor,role and coordinator,is introduced to the security system in the distributed environment.Actor is used to simulate the computing entity while role and coordinator are used to perform control functions.The characteristics of the attacks are configured to coordinator and role in a way of constraint by the model,combining feature detection and anomaly detection method usually used in the intrusion detection at the same time.Based on the message and event communications,this model can achieve monitoring,blocking,identification and treatment to the aggressive behavior,and improve the ability in preventing attacks and survival of the system.