Title :
Agent-Based Network Intrusion Detection System
Author :
Vojtech Krmicek;Pavel Celeda;Martin Rehak;Michal Pechoucek
Author_Institution :
Masaryk Univ., Brno
Abstract :
The paper presents a security platform based on agents as an efficient and robust solution for a high-performance intrusion detection system designed for deployment on high-speed network links. The proposed detection algorithm is based on an extension of trust modeling techniques with representation of uncertain identities, context representation and the implicit assumption that significant traffic anomalies are a result of potentially malicious action. The heterogeneous anomaly detection methods are used by cooperating agents and then correlated using a reputation mechanism. To satisfy the performance requirements, the wire-speed data acquisition layer is based on hardware-accelerated NetFlow probes that provide an overview of current network traffic. The output of the multi-agent detection layer is presented to the operator by a dedicated analyst interface agent, which retrieves additional information to facilitate incident analysis. Our performance results illustrate the potential of the combination of high-speed hardware with agent-based detection and an advanced analyst interface.
Keywords :
"Intrusion detection","Telecommunication traffic","Information analysis","Robustness","High-speed networks","Detection algorithms","Context modeling","Traffic control","Data acquisition","Probes"
Conference_Title :
Intelligent Agent Technology, 2007. IAT '07. IEEE/WIC/ACM International Conference on
Print_ISBN :
0-7695-3027-3;978-0-7695-3027-7
DOI :
10.1109/IAT.2007.111