Real-Time Intrusion Detection System Using Multi-agent System


The growth of network attacks has lengthened the processing time an intrusion detection system (IDS) needs to detect them. The demand for reducing this processing time is greater when dealing with real-time IDS. Several methods have been proposed, such as improving the algorithm or improving the IDS's architectural design, which includes distributed and parallel designs. This paper presents a Multi-agent System solution (MAS-IDS) that enhances IDS performance by reducing the time spent analyzing network traffic data when detecting attacks. Numerous MAS works have improved the accuracy of IDS; however, only a few have focused on improving its processing time. The number of analysis agents that can be created in a system depends upon the size of the traffic data and the availability of logical processors (cores) in the system, without affecting the performance of the hosts with less targeted time. The experiments used the KDDCUP'99 dataset. The results show that MAS-IDS reduced the processing time of the analysis procedure by up to 81% compared to a traditional IDS while maintaining approximately the same accuracy.



