The modern digital landscape is defined by hyper-connectivity and increasing infrastructure complexity. In this environment, traditional, static defense mechanisms—such as centralized firewalls and passive SNMP monitoring—are increasingly ineffective against dynamic internal threats. Modern adversaries employ sophisticated vectors like crypto-jacking, distributed denial-of-service (DDoS) attacks, and “Low and Slow” data exfiltration that often bypass perimeter defenses.
Consequently, the approach to network security should evolve from passive surveillance to automated reaction. Networks benefit from an internal “digital immune system” capable of detecting, diagnosing, and responding to threats at the edge, without human intervention.
This project addresses a practical engineering question: how can service availability and integrity be maintained in a distributed environment without imposing significant overhead on the network?
Centralized monitoring solutions often create bottlenecks and fail to provide granular, on-site context. Conversely, deploying heavy antivirus software on every node consumes valuable computational resources. There is a need for a middle ground: a lightweight, distributed intelligence that acts only when necessary.
The primary objective is to design, develop, and validate a distributed anomaly detection system based on a multi-agent architecture built with JADE (Java Agent DEvelopment Framework). The agents support:
To achieve these ambitious goals, we adopted a rigorous, full-stack engineering methodology that spans four distinct technological domains:
This report details the complete lifecycle of this project, from the initial architectural design to the implementation of a “Zero-Trust” security model.