An Intrusion Detection and Prevention Model Based on Intelligent Multi-Agent Systems, Signatures and Reaction Rules Ontologies

Distributed Intrusion Detection Systems (DIDS) have been integrated to other techniques to incorporate some degree of adaptability. For instance, IDS and intelligent techniques facilitate the automatic generation of new signatures that allow this hybrid approach to detect and prevent unknown attacks patterns. Additionally, agent based architectures offer capabilities such as autonomy, reactivity, pro-activity, mobility and rationality that are desirables in IDSs. This paper presents an intrusion detection and prevention model that integrates an intelligent multi-agent system. The knowledge model is designed and represented with ontological signature, ontology rule representation for intrusion detection and prevention, and event correlation.