Intrusion detection using autonomous agents

AAFID is a distributed intrusion detection architecture and system, developed in CERIAS at Purdue University. AAFID was the first architecture that proposed the use of autonomous agents for doing intrusion detection. With its prototype implementation, it constitutes a 

The intrusion detection field has grown considerably in the last few years, and a large number of intrusion detection systems have been developed to address different needs. Intrusion detection is clearly necessary with the growing number of computer systems being connected to networks. We describe an architecture for intrusion detection and system monitoring based on autonomous agents that serves as a research framework for intrusion detection techniques and algorithms. We start by defining some common terms and the motivation for using autonomous agents in an intrusion detection system.

1.1. Intrusion detection

Intrusion detection is defined as “the problem of identifying individuals who are using a computer system without authorization (i.e., 'crackers') and those who have legitimate access to the system but are abusing their privileges (i.e., the 'insider threat')” [25]. We add to this definition the identification of attempts to use a computer system without authorization or to abuse existing privileges. Our working definition matches the one given by Heady et al. [15], where an intrusion is defined as “any set of actions that attempt to compromise the integrity, confidentiality, or availability of a resource”, disregarding the success or failure of those actions.
