Most current IDS are generally centralized andsuffer from significant limitations when used in high speednetworks, especially when they face distributed attacks. Thispaper shows that the use of mobile agents has practical advantagesfor intrusion detection. For this purpose we carriedout a comparative experimental study of some IDS, showingtheir limits and then we propose an implementation of a newMAFIDS (Mobile Agent for Intrusion Detection System)model focusing on misuse approach. The performance ofMAFIDS is investigated in terms of detection delay, falsealarm and detection rate by comparing it to a centralizedIDS over real traffic and a set of simulated attacks.