The framework model proposed in this paper is a real time intrusion detection sy stem based on Agent, which provides an interface for intrusion detection com pone nts. Such interface can be used to detect intrusion behaviors based on both netw ork and hosts. According to the different system or network usage patterns and e nvironment diversity, a set of various agents will be created which cooperate to detect the anomalous aspects. The proposed model is an open system, which h as g ood scalability. It is easy to add new cooperating hosts and agents and to expan d new intrusion patterns. agents work in a concurrent way without any central co ntrolling module. The cooperation among Agents is implemented just by communicat ion. Agents are independent but are capable of communicating with each other whe n they take their actions. The state-checking and policy of authentication mech anism ensure the security of the agents themselves and the communication among t hem. This model is independent of specific application environment, thus providi ng a general-purpose framework for intrusion detection systems.