Intelligent agents for intrusion detection

This paper focuses on intrusion detection and countermeasures with respect to widely-used operating systems and networks. The design and architecture of an intrusion detection system built from distributed agents is proposed to implement an intelligent system on which data mining can be performed to provide global, temporal views of an entire networked system. A starting point for agent intelligence in our system is the research into the use of machine learning over system call traces from the privileged sendmail program on UNIX. We use a rule learning algorithm to classify the system call traces for intrusion detection purposes and show the results.