Information Technology Reference
In-Depth Information
Fig. 3.
IDS MAS agency configuration
•
R2U_MC
: an agent instance of the class
Metaclassifier
correlating alerts of the
source-based classifiers trained for detection of
R2U
attack class;
•
Normal MC
: an agent instance of the
Metaclassifier
class combining alerts ar-
riving from the meta-classifiers correlating alerts of particular attack classes;
SystemMontor
-an agent class assigned the role
ObjectMonitor
; it provides visualiza-
tion of the information about security status of the host depending on time.
The instances of the above agents are structured according to the conceptual het-
erogeneous alert correlation structure depicted in Fig.2. The above mentioned compo-
nents represented graphically in Fig.3 determine configuration of the agents of the
implemented multi-agent IDS.
Fig. 4.
Model of behavior of the agent class
NetLevelAgent
