The evolution of information systems requires a high level of security to minimize the problems associated with these systems. Intrusion Detection Systems (IDS) play a very important role in network security by detecting when an attack is happening, but most current IDS are centralized and suffer from significant limitations. This paper describes a new security agent architecture based on learning new attacks. We present the motivation for the approach and a description of it; the technique adopted for learning is Case-Based Reasoning (CBR). We also provide our analysis model using the AUML language.