This paper describes an intelligent system for automatic detection of intrusions in computer networks. Its architecture is based on a multi-agent system in which several types of agents cooperate together to perform a fast and reliable detection of intrusions. Some agents are in charge of monitoring the traffic of the communication network using as core the well-known SNORT system fitted with different parameters for each monitoring agent. Other agents are responsible for the intelligent processing and interpretation of the information collected using knowledge rules. Finally, another type of agents is in charge of the compilation and integration of diagnoses issued by other agents and solving possible conflicts. The cooperation of all these agents will configure a more reliable and robust detection system than similar existing systems not using this type of architecture. This paper describes the IDSAI architecture, the agent roles and the main features of the application developed for network traffic surveillance.
Keywords: Intrusion detection; Communication network; Multi-agent system; Fuzzy logic; Knowledge rules; SNORT
Fifth International Conference on Internet Monitoring and Protection - ICIMP 2010
Publication date: May 2010.
M.A. Sanz-Bobi, M. Castro, J. Santos, IDSAI: A Distributed System for Intrusion Detection Based on Intelligent Agents, Fifth International Conference on Internet Monitoring and Protection - ICIMP 2010. ISBN: 978-1-4244-6726-6, Barcelona, Spain, 09-15 May 2010