LnaCBR: Case Based Reasoning Architecture for Intrusion Detection to Learning New Attacks

The agents used in intrusion detection architectures have multiple characteristics, namely delegation, cooperation and communication. However, an important property of agents, learning, is not used. In existing IDSs, learning is generally used only to learn the normal behavior of the system to be secured. For this, normal profiles are built in a dedicated training phase, and these profiles are then compared with the current activity. Thus, the IDS does not have the ability to detect new attacks. In this paper we propose a new intrusion detection architecture based on a multi-agent system (MAS) that adds the ability to learn abnormal behaviors corresponding to new attack patterns. Thanks to this feature, the knowledge base of attacks is updated when a new attack plan is discovered. To learn a new attack, the architecture must first detect it and then update the attack pattern base. For the detection step, the approach adopted is based on Case-Based Reasoning (CBR). The proposed architecture follows a hierarchical and distributed strategy in which features are structured and separated into layers.