Multiagent Systems for Network Intrusion Detection: A Review

More and more, Intrusion Detection Systems (IDSs) are seen as an important component in comprehensive security solutions. Thus, IDSs are common elements in modern infrastructures to enforce network policies. So far, plenty of techniques have been applied for the detection of intrusions, which has been reported in many surveys. This work focuses the development of network-based IDSs from an architectural point of view, in which multiagent systems are applied for the development of IDSs, presenting an up-to-date revision of the state of the art

Aphids++ : evolution of a programmable hybrid intrusion detection system

With the rapid growth of the Internet and the ever-increasing security problems associated with its popularity, the need for protection against unwanted intruders has become essential. Antivirus software, intrusion detection systems, spyware and malware detectors are some of the protection mechanisms available to users today. The diversity of these manifold systems suggests the need for a unifying managerial system, such as APHIDS (A Programmable Hybrid Intrusion Detection System), a mobile agent based IDS, which can correlate and coalesce preexisting security components. In this thesis we provide a description of improvements made to the initial APHIDS design, comprising the addition of an optional intelligent agent meant to improve the response of APHIDS in detecting VoIP (Voice over IP) and generic intrusions; and an XML implementation of our Agent Deployment and Correlation Script (ADCS), which is used to initialize the agent environment, allowing for flexible user modifications to control the deployment and invocation of mobile agents.Science, Faculty ofComputer Science, Department ofGraduat