Distributed intrusion detection system based on anticipation and prediction approach

Despite the importance and reputation of the current intrusion detection systems, their efficiency and effectiveness remain limited as they rely on passive defensive approaches. In fact, when an intrusion is detected by the IDS, it is already happened on the network and the time required to update security rules is usually short, which provide opportunity to the attacker to inflict damages that may paralyze the network. For this purpose we suggest a new approach of distributed intrusion detection system to wisely anticipate and predict intrusions before their first occurrence in the network to secure. Our approach is based on intelligent agents and using honeypot technology to gather a vast scope of information about attacks. Moreover it combines the two detection strategies “anomaly approach and misuse approach”.