New collaborative intrusion detection architecture based on multi agent systems

Abstract

The Intrusion Detection System architectures used in commercial and research systems have a number of problems that limit their configurability. An important problem of agents: learning is not used. The concept of learning in existing IDSs used in general to learn the normal behavior of the system to secure. Thus, the IDS does not have the ability to detect new attacks. We propose in this paper a new architecture for intrusion detection based in multi agent systems adding a learning feature abnormal behaviors that correspond to new attack patterns. We present the motivation and description of the approach, for the detection step, the approach adopted is based on the technique of Case-Based Reasoning (CBR). The proposed architecture is based on a hierarchical and distributed strategy separated into three layers. We focus after on the modeling of our Multi agent systems Architecture, for reasons of simplicity, we use the methodology O-MaSE.