Mobile Agents for Intrusion Detection

Guy Helmer, Department of Computer Science
Iowa State University
Ames, Iowa 50011 USA

Agent systems offer a new approach to implementing intrusion detection systems. The prototype intrusion detection system, MAIDS, demonstrates the benefits of an agent IDS, including distributing the computational effort, reducing the amount of information sent over the network, platform independence, asynchronous operation, and modularity offering ease of updates. Anomaly detection agents using machine learning techniques have been developed; the agents process streams of system calls from privileged processes and report anomalous activity to other agents and to the user interface.
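The anomaly-detection agents described above consume system-call streams from privileged processes and report only what is anomalous. The following Python sketch is an added illustration, not MAIDS code and not necessarily the learning technique the project used: it learns a profile of short system-call sequences from a normal trace, flags windows the profile has never seen, and returns a compact report rather than the raw stream. Both traces are constructed sample data.

```python
# Constructed sample traces (not MAIDS data): system-call names as an agent
# might read them from a privileged daemon. The second trace ends with a
# sequence that never appears during training.
NORMAL_TRACE = (
    "execve brk mmap open fstat mmap close open read close "
    "mmap munmap socket bind listen accept read write close accept read write close"
).split()
SUSPECT_TRACE = (
    "execve brk mmap open fstat mmap close open read close "
    "accept read execve setuid fork write close"
).split()


def windows(trace, width):
    """Yield every fixed-width sliding window of the call stream as a tuple."""
    for i in range(len(trace) - width + 1):
        yield tuple(trace[i:i + width])


def learn_profile(trace, width=3):
    """Training phase: record every call sequence observed in normal operation."""
    return set(windows(trace, width))


def score_trace(trace, profile, width=3, threshold=0.2):
    """Detection phase: count windows absent from the profile and decide on an alert.

    The returned dictionary is the kind of summary an agent would forward to
    other agents or the user interface instead of the full call stream.
    """
    seen = list(windows(trace, width))
    unknown = [w for w in seen if w not in profile]
    # A trace shorter than one window carries no evidence either way.
    rate = len(unknown) / len(seen) if seen else 0.0
    return {
        "windows": len(seen),
        "mismatches": len(unknown),
        "rate": round(rate, 3),
        "alert": rate >= threshold,
        "unknown_sequences": unknown,
    }


def run_agent(normal=NORMAL_TRACE, observed=SUSPECT_TRACE):
    """Train on the normal trace, then score the observed one."""
    return score_trace(observed, learn_profile(normal))


if __name__ == "__main__":
    print(run_agent())
```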

Recent work has been conducted to establish a sound basis for the development of the intrusion detection system. Intrusions have been modeled using the Software Fault Tree Analysis (SFTA) technique; the SFTA forms a basis for stating the requirements of the intrusion detection system. Colored Petri Nets have been created to model the design of the intrusion detection system and to satisfy those requirements. The prototype agent-based intrusion detection system is being modified to implement the Colored Petri Net-based design in a distributed fashion.