Use of O-MaSE methodology for designing efficient intrusion detection based on MAS to learn new attacks

The agents used in the intrusion detection architectures have multiple characteristics namely delegation, cooperation and communication. However, an important property of agents: learning is not used. The concept of learning in existing IDSs used in general to learn the normal behavior of the system to secure. For this, normal profiles are built in a dedicated training phase, these profiles are then compared with the current activity. Thus, the IDS does not have the ability to detect new attacks., In this paper, we propose a new architecture for intrusion detection based in MAS adding a learning feature abnormal behaviors that correspond to new attack patterns. To learn a new attack, the architecture must detect at first and then update the base of attack patterns. For the detection step, the approach adopted is based on the technique of Case-Based Reasoning (CBR). The proposed architecture is based on a hierarchical and distributed strategy where features are structured and separated into layers., We focus after on the modeling of our Multi agent systems Architecture, for reasons of simplicity, we use the methodology O-MaSE.