An Agent-Based Intrusion Detection System for Local Area Networks

TL;DR

This paper proposes an agent-based distributed intrusion detection system for LANs that enhances detection accuracy, reduces false positives, and can identify and isolate compromised nodes, improving network security and fault tolerance.

Contribution

It introduces a novel agent-based distributed IDS that detects attacks and isolates compromised nodes, addressing false positives and detection efficiency issues.

Findings

High detection efficiency demonstrated in experiments

Low false positive rate achieved

Effective identification and isolation of compromised nodes

Abstract

Since it is impossible to predict and identify all the vulnerabilities of a network beforehand, and penetration into a system by malicious intruders cannot always be prevented, intrusion detection systems (IDSs) are essential entities to ensure the security of a networked system. To be effective in carrying out their functions, the IDSs need to be accurate, adaptive, and extensible. Given these stringent requirements and the high level of vulnerabilities of the current days' networks, the design of an IDS has become a very challenging task. Although, an extensive research has been done on intrusion detection in a distributed environment, distributed IDSs suffer from a number of drawbacks e.g., high rates of false positives, low detection efficiency etc. In this paper, the design of a distributed IDS is proposed that consists of a group of autonomous and cooperating agents. In addition to its ability to detect attacks, the system is capable of identifying and isolating compromised nodes in the network thereby introducing fault-tolerance in its operations. The experiments conducted on the system have shown that it has a high detection efficiency and low false positives compared to some of the currently existing systems.