Agent-Based Distributed Intrusion Alert System
Related papers
An Architecture of a Distributed Intrusion Detection System Using Cooperating Agents
Proceedings of the International Conference on Computing and Informatics (ICOCI ’06), pp. 1-6. Computer and Security Track, June 6-8, 2006, Kuala Lumpur, Malaysia. Paper ID: 007, 2006
An Intrusion Detection System (IDS) is a security mechanism that is expected to monitor and detect intrusions into the computer systems in real time. The currently available intrusion detection systems have a number of problems that limit their configurability, scalability, and efficiency. There have been some propositions about distributed architectures based on multiple independent agents working collectively for intrusion detection. However, these distributed intrusion detection systems are not fully distributed as most of them centrally analyze data collected from distributed nodes resulting in a single point of failure. In this paper, we propose a distributed architecture with autonomous and cooperating agents without any central analysis component. The agents cooperate by using a hierarchical communication of interests and data, and the analysis of intrusion data is made by the agents at the lowest level of the hierarchy. This architecture provides significant advantages in design of an IDS in terms of scalability, flexibility, extensibility, fault tolerance, and resistance to compromise. We have developed a proof-of-concept prototype, and conducted experiments on the system. The results show the effectiveness of our system in detecting intrusive activities in any network of workstations.
A Distributed Intrusion Detection System Using Cooperating Agents
Proceedings of the 3rd International Conference on Information Processing (ICIP’09), August 7 – 9, Bangalore, 2009, Editors: L.M. Patnaik and K.R. Venugopal, pp. 559 – 568, 2009
The current intrusion detection systems have a number of problems that limit their configurability, scalability and efficiency. There have been some propositions about distributed architectures based on multiple independent agents working collectively for intrusion detection. However, these distributed intrusion detection systems are not fully distributed as most of them centrally analyze data collected from distributed nodes which may lead to a single point of failure. In this paper, a distributed intrusion detection architecture is presented that is based on autonomous and cooperating agents without any centralized analysis components. The agents cooperate by using a hierarchical communication of interests and data, and the analysis of intrusion data is made by the agents at the lowest level of the hierarchy. This architecture provides significant advantages in scalability, flexibility, extensibility, fault tolerance, and resistance to compromise. A proof-of-concept prototype is developed and experiments have been conducted on it. The results show the effectiveness of the system in detecting intrusive activities.
Agent-Based Approach for Distributed Intrusion Detection System Design
Computational Science – ICCS 2006, 2006
The aim of this paper is to propose an architecture of a distributed Intrusion Detection System (IDS). It is assumed that the IDS will detect and track the dissemination and activity of Internet worms. A general architecture for such a distributed multiagent system is proposed and the tasks, techniques and algorithms to be used are sketched.
A Survey on Multi-Agent Based Collaborative Intrusion Detection Systems
Journal of Artificial Intelligence and Soft Computing Research
Multi-Agent Systems (MAS) have been widely used in many areas like modeling and simulation of complex phenomena, and distributed problem solving. Likewise, MAS have been used in cyber-security to build more efficient Intrusion Detection Systems (IDS), namely Collaborative Intrusion Detection Systems (CIDS). This work presents a taxonomy for classifying the methods used to design intrusion detection systems, and how such methods were used alongside MAS in order to build IDS that are deployed in distributed environments, resulting in the emergence of CIDS. The proposed taxonomy consists of three parts: 1) general architecture of CIDS, 2) the used agent technology, and 3) decision techniques, in which used technologies are presented. The proposed taxonomy reviews and classifies the most relevant works in this topic and highlights open research issues in view of recent and emerging threats. Thus, this work provides a good insight regarding past, current, and future solutions for ...
An Agent-Based Intrusion Detection System for Local Area Networks
International Journal of Communication Networks and Information Security (IJCNIS), Vol 2, No 2, pp. 128 – 140, August 2010
Since it is impossible to predict and identify all the vulnerabilities of a network beforehand, and penetration into a system by malicious intruders cannot always be prevented, intrusion detection systems (IDSs) are essential entities to ensure the security of a networked system. To be effective in carrying out their functions, the IDSs need to be accurate, adaptive, and extensible. Given these stringent requirements and the high level of vulnerabilities of current-day networks, the design of an IDS has become a very challenging task. Although extensive research has been done on intrusion detection in a distributed environment, distributed IDSs suffer from a number of drawbacks, e.g., high rates of false positives, low detection efficiency, etc. In this paper, the design of a distributed IDS is proposed that consists of a group of autonomous and cooperating agents. In addition to its ability to detect attacks, the system is capable of identifying and isolating compromised nodes in the network, thereby introducing fault-tolerance in its operations. The experiments conducted on the system have shown that it has a high detection efficiency and low false positives compared to some of the currently existing systems.
Distributed Intrusion Detection using Mobile Agents
DIDMA (Distributed Intrusion Detection using Mobile Agents) is a novel architecture in the field of IDS (Intrusion Detection Systems), utilizing an agent-based approach in order to realize a distributed framework. The novelty in this architecture is the employment of mobile agents as its auditing components. This novel approach overcomes certain problems associated with traditional designs in IDS. In particular, problematic areas such as high-speed networks, non-visible traffic, and fail-open architecture have been successfully managed. Moreover, the fault-tolerant decentralized design of DIDMA clearly demonstrated resilience against active attacks.
Autonomous Agent Based Distributed Fault-Tolerant Intrusion Detection System
Proceedings of the 2nd International Conference on Distributed Computing and Internet Technology (ICDCIT ’05), December 22-24, 2005, Bhubaneswar, India. Springer-Verlag, Germany, LNCS 3186, pp. 125-131. Editor: Gautam Chakraborty, 2005
Because all vulnerabilities of a network cannot be realized, and penetration of the system cannot always be prevented, intrusion detection systems have become necessary to ensure the security of a network. The intrusion detection systems need to be accurate, adaptive, and extensible. Given these requirements and the complexities of today’s network environments, the design of an intrusion detection system has become a very challenging task. A great deal of research has been conducted on intrusion detection in a distributed environment to circumvent the problems of centralized approaches. However, distributed intrusion detection systems suffer from a number of drawbacks, e.g., high rates of false positives, low efficiency, etc. In this paper, we propose the architecture of a fully distributed intrusion detection system that uses a set of autonomous but cooperating agents. The system also has the capability of isolating compromised nodes from intrusion detection activity, thereby ensuring fault-tolerance in computation.
Lecture Notes in Computer Science (LNCS), Vol 3186, 2005
Distributed and collaborative intrusion detection systems
2008
Intrusion detection systems help improve the security of networks by providing early warning and response. To improve the detection of attacks, sharing data among distributed nodes or terminals and collaborating on a decision is key. This paper presents a Distributed and Collaborative Intrusion Detection (DaCID) system that relies on the Dempster-Shafer theory of evidence for fusing data from multiple nodes. In this approach the detection is done collaboratively and the decision is distributed among all nodes. DaCID is more robust than other systems since it is completely distributed and the decision is made autonomously at each node. Simulation results demonstrated that DaCID's performance approaches that of a centralized method.
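The fusion step the DaCID abstract relies on, Dempster's rule of combination, worked through in Python as an added illustration that is not DaCID's own code. The two-hypothesis frame (attack vs. normal), the three nodes' mass assignments and the alert threshold are assumptions made for this example; the rule itself is the standard one from Dempster-Shafer theory, and because it is commutative and associative every node can fold in its peers' evidence in whatever order it arrives and still reach the same fused result, which is what lets the decision be made autonomously at each node.

```python
"""Dempster-Shafer fusion of per-node intrusion evidence.

Added illustration of the evidence-fusion step named in the DaCID abstract.
This is not DaCID's own code: the two-hypothesis frame, the per-node mass
assignments and the alert threshold are assumptions made for the example.
"""
from itertools import product
from typing import Dict, FrozenSet, Iterable

# Frame of discernment: is the observed activity an attack or normal traffic?
ATTACK = frozenset({"attack"})
NORMAL = frozenset({"normal"})
THETA = ATTACK | NORMAL  # the whole frame: mass here means "don't know"

Mass = Dict[FrozenSet[str], float]


def combine(m1: Mass, m2: Mass) -> Mass:
    """Dempster's rule of combination for two mass functions on THETA.

    m(X) = sum over B, C with B & C == X of m1(B) * m2(C), divided by (1 - K),
    where K is the conflict mass: the total product mass of pairs whose
    intersection is empty. K is redistributed over the remaining focal sets.
    """
    fused: Mass = {}
    conflict = 0.0
    for (b, mb), (c, mc) in product(m1.items(), m2.items()):
        x = b & c
        if x:
            fused[x] = fused.get(x, 0.0) + mb * mc
        else:
            conflict += mb * mc
    if conflict >= 1.0 - 1e-12:
        # Two sources that flatly contradict each other cannot be normalised.
        raise ValueError("total conflict between sources; nothing to normalise")
    return {x: v / (1.0 - conflict) for x, v in fused.items()}


def fuse_all(masses: Iterable[Mass]) -> Mass:
    """Fold Dempster's rule over every node's report.

    The rule is commutative and associative, so the order in which a node
    receives its peers' evidence does not change the result; every node can
    therefore compute the same fused mass function on its own.
    """
    it = iter(masses)
    acc = dict(next(it))
    for m in it:
        acc = combine(acc, m)
    return acc


def belief(m: Mass, hyp: FrozenSet[str]) -> float:
    """Bel(H): total mass committed to subsets of H (support that must be H)."""
    return sum(v for x, v in m.items() if x <= hyp)


def plausibility(m: Mass, hyp: FrozenSet[str]) -> float:
    """Pl(H): total mass of focal sets intersecting H (support that could be H)."""
    return sum(v for x, v in m.items() if x & hyp)


def decide(masses: Iterable[Mass], threshold: float = 0.9) -> str:
    """Local decision rule (assumed): alert when fused Bel(ATTACK) reaches threshold."""
    fused = fuse_all(masses)
    return "attack" if belief(fused, ATTACK) >= threshold else "no-alert"


# Constructed sample reports from three nodes (assumed values, not measured):
#   node 1: signature match on a port sweep, fairly confident
#   node 2: anomaly score slightly elevated, half its mass is ignorance
#   node 3: host saw nothing unusual, mild support for NORMAL
NODE_REPORTS = [
    {ATTACK: 0.6, NORMAL: 0.1, THETA: 0.3},
    {ATTACK: 0.5, THETA: 0.5},
    {NORMAL: 0.3, THETA: 0.7},
]

if __name__ == "__main__":
    fused = fuse_all(NODE_REPORTS)
    for focal, mass in sorted(fused.items(), key=lambda kv: sorted(kv[0])):
        print(f"m({'|'.join(sorted(focal))}) = {mass:.4f}")
    print("Bel(attack) =", round(belief(fused, ATTACK), 4))
    print("Pl(attack)  =", round(plausibility(fused, ATTACK), 4))
    print("decision    =", decide(NODE_REPORTS))
```

With these three reports the fused belief in an attack is 21/29 (about 0.72) and the plausibility 126/145 (about 0.87), so the gap between them is the ignorance the nodes still carry. Two caveats a deployment would have to address: the normalisation by 1 - K inflates whatever the sources agree on when conflict is high, so a node should track K and treat large values as a signal to distrust the fusion rather than silently redistribute it; and a compromised node can push the fused result by reporting extreme masses, which is why the related papers above pair distributed decision-making with the ability to identify and isolate compromised nodes.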