Distributed monitoring and intrusion detection using autonomous agents

Aug 28, 1998

Abstract

The Intrusion Detection System (IDS) architectures commonly used in commercial and research systems have a number of problems that limit their configurability, scalability or efficiency. The most common shortcoming in the existing architectures is that they are built around a single monolithic entity that does most of the data collection and processing. In this talk I will present an architecture that has been developed in the COAST laboratory for a distributed IDS based on multiple independent entities working collectively. We call these entities Autonomous Agents. This approach solves some of the problems mentioned. I will describe the architecture and the prototype that we have built based on it, discuss some of the latest developments, and talk about some of the plans for the future.