Abstract: Investigates the structural design, cooperation and data fusion in a distributed intrusion detection system. A tree-structured distributed intrusion detection system is illustrated and its components detailed. The cooperation method in this system using blackboard, is explained. A CFAR (constant false alarm rate) method is used to fusion the distributed analysis result. A group of examples are used to show the validity of such a system.