MA-DIDS: A Multi-Agent Based Distributed Intrusion Detection System

  • Authors:
  • Huihua Yang; Yong Wang; Hongmei Zhang; Xingyu Wang

  • Affiliations:
  • Guilin University of Electronic Technology, P R China and East China University of Science and Technology, P R China; Guilin University of Electronic Technology, P R China and East China University of Science and Technology, P R China; Guilin University of Electronic Technology, P R China and East China University of Science and Technology, P R China; East China University of Science and Technology, P R China

  • Venue:
  • Proceedings of the 2005 conference on Self-Organization and Autonomic Informatics (I)
  • Year:
  • 2005

Abstract

In this paper, a novel architecture for a multi-agent based distributed intrusion detection system is presented. MA-DIDS develops the frameworks of the Common Intrusion Detection Framework (CIDF) and Autonomous Agents for Intrusion Detection (AAFID), and realizes distributed data collection, detection and response. MA-DIDS consists of 7 kinds of agents, namely, the data collection agent (DCA), data preprocessing agent (DPA), intrusion detection agent (IDA), event analyzing agent (EAA), management agent (MA), intrusion responding agent (IRA), and communication agent (CA). MA-DIDS is platform independent, dynamically scalable in structure and shrinkable in function; it gives the network security manager more power and flexibility to configure a DIDS. In this paper, the network-based DCA and DPA, and the Linux host-based and Windows host-based DCA and DPA, are briefly illustrated. In MA-DIDS, all the anomaly detection IDAs are implemented using support vector machines, and the CAs are specifically designed to enhance communication security and response speed; with them, the agents can communicate safely and cooperate harmoniously. The architecture of MA-DIDS can efficiently reduce the network traffic added by the IDS and improve detection performance.