A multi-agent approach for intrusion detection in distributed systems
Conference proceedings contribution
Publication date:
2015
Abstract:
Detecting anomalous data is essential to obtain critical and actionable information such as intrusions, faults, and system failures. In this paper, an agent-based clustering algorithm to detect anomalies in a distributed system is introduced. Each data object, regardless of the source it arrives from, is associated with a mobile agent following the flocking algorithm, a self-organizing bio-inspired computational model. The agents are randomly disseminated onto a virtual space where they move in order to form a flock. Thanks to a tailored similarity function, the agents that are associated with similar objects form a flock, whereas the agents that are associated with objects dissimilar to each other (outliers/anomalies) do not group in flocks. Preliminary experimental results confirm the validity of the proposed approach.
CRIS type:
04.01 Conference proceedings contribution
Keywords:
Anomaly detection; Distributed systems; Multi-agents; Self-organizing
Authors:
Forestiero, Agostino
Book title:
Multimedia Communications, Services and Security