2.6 Other Intrusion Detection Systems

 In this section, we take a look at some other IDSs that have been developed in the

recent past and on the technologies being used in current IDSs.

2.6.1 AAFID (Autonomous Agents for Intrusion Detection)

 The AAFID [4] system introduced the concept of using autonomous agents to

handle intrusion detection. The tries to address some of the issues faced with monolithic

analysis units in earlier IDSs with this approach. The AAFID system consists of three

components: agents, transceivers, and monitors. Agents examine certain aspects of the

host. They report all abnormal behavior to corresponding transceivers. Agents do not

directly generate an alarm. The transceiver or monitor will generate an error based on the

information that the agent provides. Transceivers handle alarms on a host level, while

monitors handle alarms on a network level.

 The AAFID architecture is shown in Figure 2.1. Any agent can be used with the

AAFID system, as long as it reports information in the format that the transceiver

understands. The transceivers handle control and data processing for the host. Every host

that is part of the AAFID system needs to have a transceiver on it. Monitors can do

higher level correlation. They also handle control and data processing, but on a network

scale. User Interfaces to the AAFID system are plugged into the monitors. The monitors

have an API that lets a Graphical User Interface (GUI) access the AAFID system.