MAIS-IDS: A distributed intrusion detection system using multi-agent AIS approach

Abstract

This paper proposes an agent-based approach using artificial immune system (AIS) paradigms as a successful mechanism for a distributed intrusion detection system (IDS). The AIS paradigms are negative selection, clonal selection, danger theory, and immune network. These paradigms are very successful for anomaly IDS. The AIS paradigms are inspired by the powerful human immune system (HIS) and are promising candidate for design of an IDS. The proposed AIS-based agents are capable of learning, self-adaption, platform mobility, autonomy and collaboration. The proposed system (MAIS-IDS) was designed using these powerful and collaborative agents. This system has mobile and static agents with detector agents as the main actors in MAIS-IDS. The life cycles of agents are determined using the proposed immune algorithms in specific phases. Essential characteristics of MAIS-IDS are cloning, mutation, migration, collaboration, and randomness. MAIS-IDS was evaluated using a network of virtualized hosts, a kernel-based virtual machine (KVM) hypervisor and management Orchestra.