The recent increase in intrusions into computer systems, and the damage they cause, has raised interest in research on computer security and intrusion detection systems. Most intrusion detection methods do not detect intrusions in real time because analyzing audit data for intrusions takes a long time. To solve this problem, we are studying real-time intrusion detection.
In this thesis, I propose an agent model that uses multiple warning levels for real-time intrusion detection. It applies to distributed environments by means of an extensibility and communication mechanism among agents, and it supports the portability, extensibility and confidentiality of the IDS. The system can decide whether audit records generated by users are abnormal. We also present algorithms that can detect different intruders, and a technique that uses the RFM analysis methodology to detect actions that deviate from the normal user pattern.