Real-time multi-agent system for an adaptive intrusion detection system

- Improve the detection performance of identify the new attacks in real time.
- Propose and develop a multi-agent system to speed up the IDS processes of detect the attacks.
- Improve the potential for adaptive IDS on the new attacks in real time and make system faster.
- Improve the detection rate of Probe, U2R and R2L attacks.
- Overall accuracy of 95.86% is achieved with whole “Corrected” KDD dataset.

An adaptive intrusion detection system that can detect unknown attacks in real-time network traffic is a major concern. Conventional adaptive intrusion detection systems are computationally expensive in terms of computer resources and time because these systems have to be retrained with known and unknown attacks. In this study, a method called Real-Time Multi-agent System for an Adaptive Intrusion Detection System RTMAS-AIDS, which is based on a multi-agent system, is proposed to allow the intrusion detection system to adapt to unknown attacks in real-time. This method utilizes the classification models multi-level hybrid SVM and ELM to detect normal behavior and known attacks. An adaptive SVM model, in which processes run in parallel and are distributed in MAS, is also used to detect and learn new attacks in real-time. Results show that the proposed method significantly reduced the training cost of detecting unknown attacks compared with the conventional method. In addition, the analysis results of the popular KDDCup'99 dataset show that RTMAS-AIDS can detect Probe, R2L, and U2R attacks better than the non-retrained multi-agent system using the multi-level hybrid SVM and ELM models as well as the multi-level hybrid SVM and ELM. RTMAS-AIDS exhibited a significantly improved detection accuracy that reached 95.86% and can detect and learn unknown attacks faster (up to 61%) than the other two methods (MAS-MLSE and MLSE).