Scientists from the Universidad Carlos III de Madrid (UC3M) have unveiled a system that, they say, is capable of detecting computer intrusions and deciding the best response.
To reduce the risk of intrusion, a team of researchers at UC3M have built a multi-agent system that identifies suspicious events and automatically determines whether or not action should be taken.
According to Professor Agustin Orfila of the Department of Informatics of the UC3M, what’s new is the use of ‘deliberative agents’ that can adapt to their surroundings and consider their past successes to decide whether or not they should respond when facing a suspect event.
This is achieved by using a “quantitative model that weighs the loss that an intrusion would provoke against the cost of taking responsive action”, he explains. In this way, the multi-agent intrusion detection system (IDS) determines the best system configuration for each scenario, he says, giving the examples of port scan attacks and denial of service attacks – each of which would be dealt with in context.
Orfila says the agents have capabilities such as reactivity, sociability, self-initiative, adaptation and mobility – effectively representing human thought. “In this way, the IDS multi-agent architecture allows us to distribute the detection load and better co-ordinate the process, with the consequence of accomplishing a more efficient detection,” he says.