Abstract
In security environments, many complicated and interrelated software elements, such as firewalls, network scanners, event distributors and authentication tools, should work cooperatively.
The proposed model consists of a Multiagent Intrusion Detection System (MIDS) for gathering attack information. It provides a software environment that supports a generalization/specialization process in order to accomplish attack abstraction. The model is designed to detect attacks across several protocols, such as Port Activity, SMTP, HTTP, and FTP. System changes can be obtained by applying an appropriate security auditing policy. MIDS includes four agents: 1) Signature Agent (SA), 2) Network Events Agent (NEA), 3) Vulnerability Scan Agent (VSA) and 4) Intrusion Detection Agent (IDA). These agents run on each host to be monitored.
