A Model of Collaborative Intrusion Detection System Based on Multi-agents

With the rapid development of computer network and applications, attacks are becoming more and more complicated and elusive. The traditional intrusion detection systems have been unable to meet new security requirements. This paper proposes a collaborative intrusion detection model based on multi-agents. In this model, four kinds of agents are defined, which are organized in a hierarchical structure. The basic agents in every host or at the entrances of subnets are responsible for performing the simple detection and response tasks. The complicated collaboration task is executed by some separate coordination agents, which are responsible for synthetically analyzing the suspicious behavior that the lower-level agents are unable to identify. Coordination agents are also able to assign the task to the lower-level associated agents. Based on the hierarchical structure, the formal description of the model is given. By adaptive policies and dynamic association among some elements, this model provides dynamic adaptability to the changing environment and attacks. In addition, this paper also proposes the concept of coordination domain which facilitates the management of collaborative detection. The model lays a theoretical foundation for constructing dynamically adaptive intrusion detection system.