In this paper, a novel architecture for a multi-agent based distributed intrusion detection system (MA-DIDS) is presented. MA-DIDS builds on the Common Intrusion Detection Framework (CIDF) and the Autonomous Agents for Intrusion Detection (AAFID) framework, and realizes distributed data collection, detection and response. MA-DIDS consists of seven kinds of agents: the data collection agent (DCA), data preprocessing agent (DPA), intrusion detection agent (IDA), event analyzing agent (EAA), management agent (MA), intrusion responding agent (IRA), and communication agent (CA). MA-DIDS is platform independent, its structure can be scaled up dynamically and its functions can be shrunk, and it gives the network security manager more power and flexibility in configuring a DIDS. The network-based DCA and DPA, and the Linux host-based and Windows host-based DCA and DPA, are briefly illustrated. In MA-DIDS, all anomaly detection IDAs are implemented using support vector machines, and the CAs are specifically designed to improve communication security and response speed, so that the agents can communicate safely and cooperate harmoniously. The MA-DIDS architecture effectively reduces the network traffic added by the IDS and improves detection performance.
IOS Press, Inc.