Towards a new approach for intrusion detection with intelligent agents

Labiod, Houda;Boudaoud, Karima;Labetoulle, Jacques
NIS, Networking and Information Systems, Ingénierie des systèmes d'informations, Volume 2 N°5-6

In this paper, we focus on one critical issue in security management: intrusion detection.
Intrusion detection requirements and concepts are reviewed. Some existing systems are
described, and their advantages and limitations are illustrated. The drawbacks of existing
intrusion detection systems make it necessary to design a new generation of self-adaptive
systems. Self-control, flexibility, adaptability, autonomy and distribution are
the main features to be addressed in a suitable architecture that fulfills these requirements. In
this context, we propose a new approach based on the intelligent agent technique. The
introduction of a multi-agent system in an intrusion detection system is proposed as a means
of implementing adaptive and autonomous decision features embedded in agents
distributed over intrusion detection related entities. A new multi-agent intrusion detection
architecture called MAIDA is described. To bear out the feasibility of the multi-agent
approach, two specific security attacks (doorknob rattling and IP spoofing) are explored
within the platform that we choose to use to develop our multi-agent system architecture,
which is named Development and Implementation of the Multi-Agents systems (DIMA).


Type: Journal
Date: 2000-12-01
Department: Digital Security
Eurecom Ref: 615
Copyright: © Hermes. Personal use of this material is permitted. The definitive version of this paper was published in NIS, Networking and Information Systems, Ingénierie des systèmes d'informations, Volume 2 N°5-6 and is available at :
PERMALINK : https://www.eurecom.fr/publication/615