Towards a new approach for intrusion detection with intelligent agents

In this paper, we focus on one critical issue in security management that is intrusion detection. Intrusion detection requirements and concepts are reviewed. Some existing systems are described. Their advantages and limitations are illustrated. Drawbacks of existing intrusion detection systems involve the necessity of designing a new generation of self-adaptive systems. In fact, mainly, self-control, flexibility, adaptability, autonomy and distribution are the main features to be addressed in a suitable architecture that fulfills these requirements. In this context, we propose a new approach based on intelligent agent technique. Therefore, the introduction of a multi-agent system in an intrusion detection system is proposed as a means of implementation of adaptive and autonomous decision features embedded in agents distributed over intrusion detection related entities. A new multi-agent intrusion detection architecture called MAIDA is described. To bear out the feasibility of the multi-agent approach, two specific security attacks (doorknob rattling and IP spoofing) are explored within the platform, that we choose to use to develop our multi-agent system architecture, which is named Development and Implementation of the Multi-Agents systems (DIMA).