ARCHITECTURE OF A MULTI-AGENT INTRUSION DETECTION SYSTEM BASED ON MACHINE LEARNING
DOI: https://doi.org/10.35546/kntu2078-4481.2026.2.44
Keywords: multi-agent system, intrusion detection, machine learning, cloud services, behavioral analysis, baseline profile, cybersecurity, zero-day attacks
Abstract
The article addresses the problem of building an effective intrusion detection system in cloud and distributed environments based on a multi-agent architecture using machine learning methods. The relevance of the study is driven by the rapid development of cloud technologies, the growing number and complexity of cyber threats, and the increased requirements for the continuity and security of distributed information systems. The limitations of traditional signature-based approaches are demonstrated, as they largely depend on timely updates of rule databases and show insufficient effectiveness in detecting new or modified attacks. The proposed approach combines a signature-based mechanism for analyzing known threats with behavioral modeling based on machine learning methods. This integration enables the detection of both known attacks and unknown zero-day incidents by identifying statistically significant deviations from the established baseline profiles of system and user behavior in real time. A distinctive feature of the work is the formation of two complementary models: the user behavior profile and the overall system functioning profile. To construct these models, a specialized dataset of normal system operation was created, reflecting typical cloud infrastructure usage scenarios and characteristic workload parameters. This approach makes it possible to account for the specifics of a particular environment, improve detection accuracy, reduce the number of false positives, and ensure system adaptability to changing operating conditions. The architecture of the solution is based on a multi-agent approach with functional distribution among intelligent agents that perform data collection, preprocessing, analytical interpretation of events, alert generation, and adaptive knowledge base updating.
The implementation of a multi-level structure ensures scalability, configuration flexibility, fault tolerance, and the possibility of integration with existing cloud infrastructure monitoring systems. The obtained experimental results confirm the effectiveness of the proposed model in improving the cybersecurity level of cloud services and ensuring timely detection of cyber incidents.
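The following is an added illustration, not code from the article, of the detection scheme the abstract describes: a signature agent for known threats combined with two baseline profiles (user behavior and overall system behavior) built from a normal-operation dataset, where an alert is raised when an observed feature vector deviates from its profile by a statistically significant margin. The feature names, the signature strings, the z-score threshold and all sample data are constructed assumptions for the example.

```python
import statistics
from dataclasses import dataclass

# Constructed placeholder signatures for known threats (not from the paper).
SIGNATURES = {"sqli": "' OR 1=1", "traversal": "../../etc/passwd"}

# Constructed "normal operation" dataset: per-interval feature vectors
# (requests per minute, mean response ms, distinct endpoints) for one user
# and for the system as a whole. A real deployment would collect these.
USER_BASELINE = [(12, 180, 3), (15, 200, 4), (10, 170, 3), (14, 190, 4), (11, 185, 3)]
SYSTEM_BASELINE = [(400, 210, 40), (420, 205, 42), (390, 215, 39), (410, 208, 41), (405, 212, 40)]

@dataclass
class Profile:
    """Baseline profile: per-feature mean and population standard deviation."""
    means: list
    stdevs: list

def build_profile(samples):
    cols = list(zip(*samples))
    # Floor the stdev so a constant feature cannot divide by zero.
    return Profile([statistics.mean(c) for c in cols],
                   [max(statistics.pstdev(c), 1e-9) for c in cols])

def deviation_score(profile, vector):
    """Largest absolute z-score of the observation across all features."""
    return max(abs(v - m) / s for v, m, s in zip(vector, profile.means, profile.stdevs))

def signature_agent(payload):
    """Known-threat check: names of signatures found in the payload."""
    return [name for name, pat in SIGNATURES.items() if pat in payload]

def analysis_agent(user_profile, system_profile, user_vec, system_vec,
                   payload, z_threshold=3.0):
    """Combine signature hits with behavioral deviation from both profiles."""
    alerts = [f"signature:{n}" for n in signature_agent(payload)]
    uz = deviation_score(user_profile, user_vec)
    sz = deviation_score(system_profile, system_vec)
    if uz > z_threshold:
        alerts.append(f"user_anomaly:z={uz:.1f}")
    if sz > z_threshold:
        alerts.append(f"system_anomaly:z={sz:.1f}")
    return alerts

def update_profile(samples, confirmed_normal_vec):
    """Adaptive knowledge-base update: fold an analyst-confirmed normal
    interval into the dataset and rebuild the profile from it."""
    samples.append(confirmed_normal_vec)
    return build_profile(samples)
```

Observations inside three standard deviations of every feature produce no alert, while a known signature or a large deviation in either profile produces one, so a burst that is normal for the system but abnormal for one user is still caught by the user profile.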