Abstract

The development and evolution of computer networks, in terms of number of users and services, are making them ever more complex and therefore vulnerable to new types of attacks. Given this complexity of attacks, intrusion detection systems, to monitor the activities of a network or a sensitive computer and to detect abnormal usage of computer resources, are expected to evolve and adapt to changes in user behavior. To improve and strengthen the mechanism of intrusion detection, we propose in this paper a new real-time distributed architecture, based on the multi-agent aspect consisting of two levels of analysis benefiting from reactive and cognitive capabilities of agents and using rules and safety procedures to detect complex attacks and intrusions that can represent low threats.

Key words: Security, intrusion detection, multi-agent system, analyzer, AUML.