IDMEF-Based Architecture of Large-Scale Cooperative IDS System
Abstract (translated from the Chinese): In order to make IDS systems distributed, cooperative and standardized, the standards related to the Intrusion Detection Message Exchange Format (IDMEF) have been widely applied in the IDS field. This paper discusses a large-scale cooperative IDS architecture based on the IDMEF standard; it analyzes, designs and implements a cooperative IDS system built on the Prelude framework and development kit, and studies how this architecture is deployed and applied in the CERNET network. Preliminary deployment shows that the system basically meets the requirements and achieves the distribution, cooperation and standardization goals set for the IDS.

Abstract: The intrusion detection message exchange format (IDMEF) standard has been widely used in intrusion detection systems (IDS). This paper proposes an architecture for a large-scale cooperative IDS based on IDMEF. The design and implementation of the cooperative IDS are discussed by means of the Prelude framework and development suite. The deployment and application of this architecture on CERNET are finally analyzed.
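The abstract rests on the idea that sensors from different vendors can cooperate once their alerts share one format. As an added illustration (example code written for this page, not code from the paper or from the Prelude project), the block below parses IDMEF alert messages structured as in RFC 4765 (the `IDMEF-Message`/`Alert`/`Analyzer`/`Source`/`Target`/`Classification` elements under the `http://iana.org/idmef` namespace) and performs the simplest kind of cooperative correlation: finding source addresses that more than one sensor has reported. The three sample alerts, the sensor names and the addresses are constructed for the example and are not data from the paper.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# IDMEF XML namespace as defined in RFC 4765.
IDMEF_NS = "http://iana.org/idmef"
NS = {"idmef": IDMEF_NS}

# Constructed sample alerts (not real data): two sensors report the same
# source address, a third alert concerns an unrelated source.
SAMPLE_ALERTS = [
    """<IDMEF-Message xmlns="http://iana.org/idmef" version="1.0">
  <Alert messageid="1">
    <Analyzer analyzerid="sensor-a"><Node><name>sensor-a.example.edu</name></Node></Analyzer>
    <CreateTime ntpstamp="0xbc723b45.0xef449129">2000-03-09T10:01:25.93464Z</CreateTime>
    <Source><Node><Address category="ipv4-addr"><address>192.0.2.10</address></Address></Node></Source>
    <Target><Node><Address category="ipv4-addr"><address>198.51.100.5</address></Address></Node></Target>
    <Classification text="Portscan"/>
    <Assessment><Impact severity="medium"/></Assessment>
  </Alert>
</IDMEF-Message>""",
    """<IDMEF-Message xmlns="http://iana.org/idmef" version="1.0">
  <Alert messageid="2">
    <Analyzer analyzerid="sensor-b"><Node><name>sensor-b.example.edu</name></Node></Analyzer>
    <CreateTime ntpstamp="0xbc723b46.0xef449129">2000-03-09T10:01:26.00000Z</CreateTime>
    <Source><Node><Address category="ipv4-addr"><address>192.0.2.10</address></Address></Node></Source>
    <Target><Node><Address category="ipv4-addr"><address>198.51.100.9</address></Address></Node></Target>
    <Classification text="SSH brute force"/>
    <Assessment><Impact severity="high"/></Assessment>
  </Alert>
</IDMEF-Message>""",
    """<IDMEF-Message xmlns="http://iana.org/idmef" version="1.0">
  <Alert messageid="3">
    <Analyzer analyzerid="sensor-b"><Node><name>sensor-b.example.edu</name></Node></Analyzer>
    <CreateTime ntpstamp="0xbc723b47.0xef449129">2000-03-09T10:01:27.00000Z</CreateTime>
    <Source><Node><Address category="ipv4-addr"><address>203.0.113.7</address></Address></Node></Source>
    <Target><Node><Address category="ipv4-addr"><address>198.51.100.5</address></Address></Node></Target>
    <Classification text="Portscan"/>
    <Assessment><Impact severity="low"/></Assessment>
  </Alert>
</IDMEF-Message>""",
]


def parse_alert(xml_text):
    """Reduce one IDMEF Alert message to the fields a manager correlates on."""
    root = ET.fromstring(xml_text)
    alert = root.find("idmef:Alert", NS)
    if alert is None:
        raise ValueError("not an IDMEF Alert message")
    analyzer = alert.find("idmef:Analyzer", NS)
    classification = alert.find("idmef:Classification", NS)
    impact = alert.find("idmef:Assessment/idmef:Impact", NS)
    addr_path = "idmef:Node/idmef:Address/idmef:address"
    source = alert.find("idmef:Source", NS)
    target = alert.find("idmef:Target", NS)
    return {
        "messageid": alert.get("messageid"),
        "analyzer": analyzer.get("analyzerid") if analyzer is not None else "unknown",
        # Source/Target are optional in IDMEF, so tolerate their absence.
        "source": source.findtext(addr_path, "unknown", NS) if source is not None else "unknown",
        "target": target.findtext(addr_path, "unknown", NS) if target is not None else "unknown",
        "classification": classification.get("text") if classification is not None else "",
        "severity": impact.get("severity") if impact is not None else None,
    }


def correlate(messages, min_sensors=2):
    """Group alerts by source address; keep sources seen by several sensors."""
    by_source = defaultdict(lambda: {"sensors": set(), "classifications": set(), "alerts": 0})
    for msg in messages:
        a = parse_alert(msg)
        entry = by_source[a["source"]]
        entry["sensors"].add(a["analyzer"])
        entry["classifications"].add(a["classification"])
        entry["alerts"] += 1
    return {src: e for src, e in by_source.items() if len(e["sensors"]) >= min_sensors}


if __name__ == "__main__":
    for src, info in correlate(SAMPLE_ALERTS).items():
        print(src, sorted(info["sensors"]), sorted(info["classifications"]), info["alerts"])
```

Because every sensor emits the same element structure, the manager needs one parser rather than one per product, which is the standardization argument the abstract makes; the correlation step is where the cooperative value appears, since neither sensor alone sees that 192.0.2.10 is both scanning and brute-forcing.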