Skip to Main Content
Agent Based Models are the natural extension of the Ising or Cellular Automata-like models which have been used in the past decades to simulate various physical phenomena. By taking advantages of the main features of such models, coupled with nature based models such as artificial immune systems we present a novel artificial immune and agent based intrusion detection model for large computer networks. Our solution is based upon several security levels, event based model, and a simple computational abstraction where an anomaly detection technique is designed to monitor the users' registrations to the operational targeted system, e.g., UNIX-like implementation. In our model, the events' generation model is processed using the Unix Syslog-ng tool, the events' analysis using the Logcheck tool, while the activities of the users and the execution of the both reactive and pro-active events' activities are implemented within an artificial immune and mobile agent based infrastructure. We have implemented and designed our model to differentiate among attacks, security violations, and several other security levels. In this paper we present our model, and show how mobile agent and artificial immune paradigms can be used to design efficient intrusion detection systems. we also discuss the validation of our model followed by a set of experiments we have carried out to evaluate the performance of our model using realistic case studies.
Date of Conference: 04-08 April 2005