Abstract
Most of the intrusion detection systems are unable to detect behavior-based intrusions such as Stuxnet, because of their absolute view of the intrusion. There are some legitimate behaviors which their subsequences cause intrusions. In this paper, a multi-agent model inspired by the human immune system has been proposed whose autonomous agents have a conditional view towards intrusion concept. The first level of the intrusion detection in this model has been implemented in clients' side on the anomaly detection. Furthermore, by agent migration to the server, the final detection about the intrusion is fulfilled by server’s agents in second level. In this level, an intrusion probability is measured in a Bayesian network based on the subsequence of functions and system calls which has been invoked in the client. This value shows the occurrence probability of this subsequence in an intrusion. Therefore, the false negative error probability will be decreased.