International Journal of Computer Applications (0975-8887)
Volume 100, No. 9, August 2014

An Enhanced Multi-Agent based Network Intrusion Detection System using Shadow Log

Namita Singh, Department of CSE, AIET, Lucknow
Siddharth Krishan, Department of CSE, AITM, Lucknow
Uday Kumar Singh, Department of CSE, AIET, Lucknow

ABSTRACT
The capability of agents and their distributed problem-solving nature make them useful and powerful, so that they can be utilized in various fields. Various research [1][2][3][4][5][6] has been done, and more is currently in progress, based on utilizing the capability of agents. Here our focus is on utilizing agent capability for identifying intrusions in a network. Some agent-based models and frameworks have also been produced for network intrusion detection systems (NIDS) [5][6]. This paper includes a study of theory and research, and an enhanced model based on shadow log.

General Terms
MAS, NIDS, IDS, LOG, etc.

Keywords
MAS (Multi Agent based System), NIDS (Network Intrusion Detection System), Shadow Log.

1. INTRODUCTION
An agent environment can be classified according to different factors such as accessibility, determinism (whether an action performed in the environment causes a certain effect), dynamics (how many entities influence the environment at a given time), discreteness (whether the number of possible actions in the environment is finite), frequency (whether the actions of the agent in certain periods of time affect other periods) and dimensionality (whether spatial characteristics are important factors in the environment and the agent considers space in its decisions) [1][2][3].

The agents in a multi-agent system have several important characteristics:
- Autonomy: agents are at least partially independent.
- Local views: no agent has a complete overview of the system, or the system is too complex for an agent to make practical use of this knowledge.
- Decentralization: there is no designated controlling agent (or the system is effectively reduced to a monolithic system).

Self-organization and self-control: multi-agent systems can manifest self-organization and self-management, as well as other control paradigms and related complex behaviors, even if the individual strategies of all their agents are simple. When agents can share knowledge using any language agreed within the communication protocol of the system, the approach can lead to a common improvement. Examples of such languages are the Knowledge Query and Manipulation Language (KQML) and the FIPA Agent Communication Language (ACL). Thus an agent system can be considered a network of agents that coordinate with each other to address a complex, or say big, problem that cannot be solved by a single agent, without a global supervisory system.

Multi-agent systems (MAS) are a growing area of research that applies the ability of agents to a distributed problem-solving approach. It is a technique of "Distributed Problem Solving" [1][2] in which the agents of the multi-agent system address aspects such as the following:
- How to divide a complex problem into sub-problems?
- How to distribute these sub-problems between them?
- How to share knowledge with each other to resolve dependencies between sub-solutions?
- How to combine sub-solutions to provide an overall solution to the problem?

A multi-agent system (MAS) [5][6] contains an environment, objects and agents (the agents being the only ones to act), the relationships between all entities, a set of operations that can be performed by the entities, and the changes of the world over time and because of these actions. From the point of view of distributed problem solving, a MAS can be defined as a loosely coupled network of problem solvers that work together to resolve problems that are beyond the individual capabilities or knowledge of each problem solver.

The requirements of an IDS can be given as:
- Continuous monitoring and reporting of intrusions.
- The lowest possible number of false alarms.
- Self-control of the system for repair in case of failure from any attack.
- The IDS should adapt to the nature of the network topology.
- It must be familiar with configuration changes.
- Immediate notification of detections, to reduce harm to the network.
- The intrusion detection system must be scalable.
- It must impose minimal load on the network.

These requirements may be treated as shortcomings of IDS in a distributed network environment, which can be easily solved by using a MAS-based IDS for the network. The most common deficiencies of IDS are:
- The high number of false positives
- Lack of efficacy
- Vulnerability to attacks: several IDS have hierarchical structures. This fact gives attackers the possibility of