A Survey on Multi-Agent Based Collaborative Intrusion Detection Systems

Multi-Agent Systems (MAS) have been widely used in many areas like modeling and simulation of complex phenomena, and distributed problem solving. Likewise, MAS have been used in cyber-security, to build more efficient Intrusion Detection Systems (IDS), namely Collaborative Intrusion Detection Systems (CIDS). This work presents a taxonomy for classifying the methods used to design intrusion detection systems, and how such methods were used alongside with MAS in order to build IDS that are deployed in distributed environments, resulting in the emergence of CIDS. The proposed taxonomy, consists of three parts: 1) general architecture of CIDS, 2) the used agent technology, and 3) decision techniques, in which used technologies are presented. The proposed taxonomy reviews and classifies the most relevant works in this topic and highlights open research issues in view of recent and emerging threats. Thus, this work provides a good insight regarding past, current, and future solutions for CIDS, and helps both researchers and professionals design more effective solutions.