入侵检测是一种重要的安全防范技术，在网络系统中得到了广泛应用。但是随着Internet 的快速发展，传统的入侵检测技术已不能满足网络安全的发展需求。本文设计并实现了一个基于P2DR 安全模型及双检测点的入侵检测系统，该系统具有自适应动态防护和纵深防御特性。理论分析及实验结果表明，该系统可以提高网络系统的安全性。关键字：网络安全；入侵检测系统；访问控制；双检测点Design and Implementation of Two-detection-point Intrusion Detection SystemTan Xin-Lian XU Jiang-Feng (School of Information and Engineering, Zhengzhou University, Zhengzhou, 450001) Abstract: As one of the information security technology, intrusion detection technique has been used to network system widely. But with the spread of Internet, traditional intrusion detection technique can’t meet the increasingly growing network security’s requirement. This paper established and accomplished the intrusion detection system based on P2DR model and two-detection-point, it had the characteristic of active defense and deep defense. Theoretical analysis and experimental results demonstrate that the system can improve the security of network system.Key words: network safety；IDS; Access control; Two-detection-point