Distributed intrusion detection system using cooperative agent based on ant colony clustering

Intrusion detection system (IDS) is another layer of protection as an important technology in information security. There are two major problems in the development of IDS, the algorithmic aspect of detection (computational), and aspects of the communication between components of detection (architectural). Computational problems including the ability of the novel-attack detection using ant colony clustering (ACC) is still lacking, large data traffic and computation overload. Architectural problems including the difficulty to overcome distributed and coordinated attacks, because it requires large amounts of distributed information, thus requiring synchronization between detection components of scattered information anyway. This paper proposes the multiagent architecture that implements distributed IDS based on ACC to recognize a new and coordinated attack, and the movement of large data handling, synchronization capabilities, the ability of cooperation between components without the presence of centralized computing components, good detection performance in real-time to turn on warning alarm.