An agent based and biological inspired real-time intrusion detection and security model for computer network operations

There is a strong correlation between the human immune system and a computer network security system. The human immune system protects the human body from pathogenic elements in the same way that a computer security system protects the computer from malicious users. This paper presents a novel intrusion detection model based on artificial immune and mobile agent paradigms for network intrusion detection. The construction of the model is based on registries’ signature analysis using both Syslog-ng and Logcheck unix tools. The tasks of monitoring, distributing intrusion detection workload, storing relevant information, and ensuring data persistence and reactivity have been carried out by the mobile agents, which represent the leukocytes of an artificial immune system. Our real-time based intrusion detection and communication model is host-based and adopts the anomaly detection paradigm. We present our intrusion detection model, discuss its implementation, and report on its performance evaluation using real data provided by an Internet Service Provider and a data processing corporation.