Agent Based Distributed Intrusion Detection System

Intrusion detection for computer systems is a key problem in today's networked systems. There have been an increased number of different attacks, which are spread across the network and affecting the systems before they attack the actual target system. One solution to this problem is to build up an intrusion detection system, made of distributed components capable of sharing all required information about attack, such as intelligent agents.Thi thesis introduces an Agent Based Distributed Intrusion Detection System (ABDIDS), it is a simple pattern attack that allows agent based intrusion detection system to detect network attacks at a higher level more than most current intrusion detection systems do. It is a distributed system which can avoid vast amount of log information. The ABDIDS system has cooperative agent architecture. Autonomous agents can perform specific intrusion detection tasks (e.g., play a role in identification DoS attacks) and also collaborate with other agents.The contribution of this work is to allow agents to share their information. It is commonly known that in the case of worm attack there occur at least two kinds of anomalies: in observed traffic characteristics and in communication scheme which tends to be constant under normal conditions. In this work, the attack recognition is being made on the basis of them. We propose methods for modeling errors and detect network anomalies. Finally, we have implemented a proof simulation of ABDIDS.