Abstract
Existing intrusion detection systems (IDS) operate independently of security policy enforcement mechanisms. In current IDS, functionality is restricted to detecting only anomalies in system behavior and system misuse. To assist system administrators in restoring and strengthening system security after an intrusion is detected, this paper proposes a method that links the security violation to a non-empty subset of the policy base. A multi-agent system is proposed to automate intrusion detection and analysis.

Keywords: Intrusion detection, security context, policy base