Abstract
This paper describes an intelligent system for the automatic detection of intrusions in computer networks. Its architecture is based on a multi-agent system in which several types of agents cooperate to detect intrusions quickly and reliably. Some agents monitor the traffic of the communication network, using the well-known SNORT system as their core, configured with different parameters for each monitoring agent. Other agents are responsible for the intelligent processing and interpretation of the collected information using knowledge rules. Finally, a further type of agent compiles and integrates the diagnoses issued by the other agents and resolves possible conflicts. The cooperation of all these agents will result in a detection system that is more reliable and robust than similar existing systems that do not use this type of architecture. This paper describes the IDSAI architecture, the agent roles and the main features of the application developed for network traffic surveillance.