Abstract
Anomaly detection is a basic function of intrusion detection systems. In distributed computer communication systems, the aim of such systems is to recognize and report various events that affect a system's security. To assure efficient, flexible, and high-quality detection of security violations in a distributed environment, detection systems should be responsive, adaptive, proactive, and less centralized than those currently deployed. Agents and multiagent systems offer these properties; that is, agent-based technology has a continuously increasing potential to solve the growing problem of designing intelligent, efficient, and flexible management systems. An agent-based approach makes it possible to develop advanced and effective distributed strategies, replacing traditional node-based approaches with more promising network-based ones.
This article presents various architectures of anomaly detection systems that may be implemented as multiagent systems supporting the classification of observed activities as normal or abnormal. A simple example presents a hierarchical architecture of a distributed anomaly detection system, which may be implemented in the form of a multiagent decision support system.
Acknowledgments
This work was supported by the Polish State Committee for Scientific Research under Grant No. 3 T11C 029 29 (2005–2007).