Immunity-Based Intrusion Detection Systems

The goal of the proposed research project is to develop an intelligent multi-agent system for intrusion/anomaly detection and response in networked computers. The approach is inspired by the defense mechanisms of the biological immune system, which are highly distributed in nature.

In this approach, immunity-based agents roam among the machines (nodes or routers) and monitor the state of the network, looking for changes such as malfunctions, faults, abnormalities, misuse, deviations and intrusions. The agents can mutually recognize each other's activities and take appropriate actions according to the underlying security policies. Specifically, their activities are coordinated in a hierarchical fashion while sensing, communicating and generating responses. Moreover, such an agent can learn and adapt to its environment dynamically, and can detect both known and unknown intrusions.

The main objective is to design a multi-agent detection system that simultaneously monitors the activities of networked computers at different levels (such as the user, system, process and packet levels) in order to make robust decisions about intrusions and/or anomalies. The novelty of this intrusion detection system lies primarily in its multi-agent architecture, in particular the agents' roles, adaptivity, regulation, life cycle, specificity, diversity and dynamic collaboration mechanism. The proposed system is designed to be flexible, extensible and adaptable, so that it can perform near real-time monitoring in accordance with the needs and preferences of the organization.
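As an added illustration (not the project's own code), the following Python sketch models the architecture described above: one adaptive agent per monitoring level learns a baseline of normal activity and flags deviations, and a hierarchical coordinator raises a node-level alert only when several levels corroborate each other. The level names, thresholds and telemetry values are constructed assumptions for the example.

```python
import statistics

class LevelAgent:
    """Agent for one monitoring level; learns a normal baseline, flags k-sigma deviations."""
    def __init__(self, level, k=3.0, window=20, warmup=5):
        self.level, self.k, self.window, self.warmup = level, k, window, warmup
        self.history = []  # recent observations judged normal (the adaptive baseline)

    def observe(self, value):
        """Return (anomalous, score); the baseline adapts only to values judged normal."""
        if len(self.history) < self.warmup:           # still learning what "self" looks like
            self.history.append(value)
            return False, 0.0
        mean = statistics.fmean(self.history)
        std = statistics.pstdev(self.history) or 1e-9  # guard against a flat baseline
        score = abs(value - mean) / std
        if score <= self.k:                            # normal: slide the learning window
            self.history = (self.history + [value])[-self.window:]
        return score > self.k, score

class Coordinator:
    """Hierarchical layer: a node-level alert needs at least `quorum` agreeing levels."""
    def __init__(self, agents, quorum=2):
        self.agents, self.quorum = {a.level: a for a in agents}, quorum

    def step(self, sample):
        flags = {lvl: self.agents[lvl].observe(v)[0] for lvl, v in sample.items()}
        return sum(flags.values()) >= self.quorum, flags

def run(stream, quorum=2):
    """Feed a telemetry stream through one node's agents; return indices that alerted."""
    coord = Coordinator([LevelAgent(l) for l in ("user", "system", "process", "packet")], quorum)
    return [i for i, s in enumerate(stream) if coord.step(s)[0]]

def sample(i, **override):
    """Constructed telemetry: steady per-level counts with +/-1 jitter, optionally overridden."""
    j = 1 if i % 2 else -1
    s = {"user": 5 + j, "system": 10 + j, "process": 20 + j, "packet": 100 + j}
    s.update(override)
    return s

# Constructed stream: 20 normal samples, a lone packet spike at index 20 (one level
# only, so it should not alert), then a correlated process+packet spike at index 25.
STREAM = ([sample(i) for i in range(20)] + [sample(20, packet=900)]
          + [sample(i) for i in range(21, 25)] + [sample(25, process=60, packet=900)]
          + [sample(i) for i in range(26, 30)])

if __name__ == "__main__":
    print(run(STREAM), run(STREAM, quorum=1))  # [25] [20, 25]
```

Lowering the quorum trades fewer missed intrusions for more false alarms from a single noisy level, which is the kind of policy knob the text leaves to the organization.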