Abstract
We propose a distributed architecture of agents to monitor security-related activity within a network. Each agent operates cooperatively yet independently of the others, providing efficiency, real-time response and distribution of resources. This architecture provides significant advantages in scalability, flexibility, extensibility, fault tolerance, and resistance to compromise.
We also propose a scheme of escalating levels of alertness, and a way to notify agents on other computers in the network of attacks so they can take preemptive or reactive measures. We designed a neural network to measure and determine alert threshold values. A communication protocol is proposed to relay these alerts throughout the network. We illustrate our design with a detailed scenario.
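The escalation and notification scheme described above, as an added illustration written for this page (it is not the authors' implementation): three agents share an in-memory message bus; each scores its local events against per-level thresholds, raises its own alert level when a threshold is crossed, and broadcasts an alert so that peers move preemptively to one level below the origin and relay the alert onward with a hop limit. The event scores, the fixed threshold constants (which stand in for the values the paper derives with its neural network), the JSON message format and the host names are all assumptions made for the example.

```python
"""Toy multi-agent alert escalation. Assumptions (not from the paper):
event scores, fixed thresholds, JSON wire format, host names."""
from dataclasses import dataclass
from enum import IntEnum
import json

class AlertLevel(IntEnum):
    NORMAL = 0
    ELEVATED = 1
    HIGH = 2
    CRITICAL = 3

# Assumed constants: the paper derives thresholds with a neural network.
THRESHOLDS = {AlertLevel.ELEVATED: 3, AlertLevel.HIGH: 6, AlertLevel.CRITICAL: 9}
EVENT_SCORES = {"failed_login": 1, "port_scan": 3, "privilege_escalation": 6}
MAX_HOPS = 3  # relay limit so a flooded alert cannot circulate forever

@dataclass
class Alert:
    """Hypothetical wire format relayed between agents."""
    origin: str
    level: int
    reason: str
    hops: int = 0

    def encode(self) -> bytes:
        return json.dumps(self.__dict__).encode()

    @classmethod
    def decode(cls, raw: bytes) -> "Alert":
        return cls(**json.loads(raw))

class Network:
    """In-memory stand-in for the network: delivers to every agent but the sender."""
    def __init__(self):
        self.agents = {}

    def register(self, agent):
        self.agents[agent.host] = agent

    def broadcast(self, sender: str, alert: Alert):
        for host, agent in self.agents.items():
            if host != sender:
                agent.receive(alert.encode())

class Agent:
    def __init__(self, host: str, net: Network):
        self.host, self.net = host, net
        self.score = 0
        self.level = AlertLevel.NORMAL
        self.log = []
        net.register(self)

    def local_level(self) -> AlertLevel:
        lvl = AlertLevel.NORMAL
        for level, threshold in THRESHOLDS.items():
            if self.score >= threshold:
                lvl = max(lvl, level)
        return lvl

    def observe(self, event: str):
        """Score a local event; escalate and notify peers when a threshold is crossed."""
        self.score += EVENT_SCORES[event]
        new = self.local_level()
        if new > self.level:  # levels only ever rise in this toy
            self.level = new
            self.log.append(f"{self.host}: escalated to {new.name} on {event}")
            self.net.broadcast(self.host, Alert(self.host, int(new), event))

    def receive(self, raw: bytes):
        """Preemptive response: move to one level below the origin, then relay."""
        alert = Alert.decode(raw)
        preemptive = AlertLevel(max(alert.level - 1, 0))
        if preemptive > self.level:
            self.level = preemptive
            self.log.append(f"{self.host}: preemptively {preemptive.name} after {alert.origin}")
            if alert.hops < MAX_HOPS:  # only agents that changed state relay
                self.net.broadcast(self.host, Alert(alert.origin, alert.level, alert.reason, alert.hops + 1))

def simulate():
    """Constructed scenario: web01 sees a scan, then a privilege escalation."""
    net = Network()
    agents = [Agent(h, net) for h in ("web01", "db01", "auth01")]
    web = agents[0]
    web.observe("failed_login")          # score 1: stays NORMAL
    web.observe("port_scan")             # score 4: ELEVATED, peers unchanged
    web.observe("privilege_escalation")  # score 10: CRITICAL, peers go HIGH
    levels = {a.host: a.level.name for a in agents}
    return levels, [entry for a in agents for entry in a.log]

if __name__ == "__main__":
    levels, log = simulate()
    print(levels)
    print("\n".join(log))
```

Peers relay only when the alert actually changed their own level, so the flood terminates even without the hop limit; the limit is a second guard against a malformed or replayed message.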