Dynamic information source selection for intrusion detection systems

Our work presents a mechanism designed for the selection of the optimal information provider in a multi-agent, heterogeneous and unsupervised monitoring system. The self-adaptation mechanism is based on the insertion of a small set of prepared challenges that are processed together with the real events observed by the system. The evaluation of the system response to these challenges is used to select the optimal information source. Our algorithm uses the concept of trust to identify the best source and to optimize the number of challenges inserted into the system. The mechanism is designed for intrusion/fraud detection systems, which are frequently deployed as part of online transaction processing (banking, telecommunications or process monitoring systems). Our approach features unsupervised adjustment of its configuration and dynamic adaptation to the changing environment, which are both vital for these domains.
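
A simplified sketch of challenge-based source selection, added here as an illustration and not the paper's algorithm: the three agents, the trust formula (one minus the mean error on challenges) and the stopping rule are all assumptions, and the challenge and event values are constructed. Challenges with known ground truth are interleaved with real events, trust is updated from challenge responses only, and challenge insertion stops once the leading source is clearly separated from the runner-up.

```python
import math

# Hypothetical detection agents: map one event feature (0..1) to an anomaly score (0..1).
AGENTS = {
    "sharp": lambda x: 1.0 if x > 0.5 else 0.0,
    "linear": lambda x: x,
    "blind": lambda x: 0.5,
}

# Constructed challenges with known ground truth: (feature, truth), 1.0 = attack, 0.0 = legitimate.
CHALLENGES = [(0.9, 1.0), (0.1, 0.0), (0.7, 1.0), (0.3, 0.0),
              (0.8, 1.0), (0.2, 0.0), (0.6, 1.0), (0.4, 0.0)]
# Constructed real events: their ground truth is unknown to the monitor.
REAL_EVENTS = [0.15, 0.85, 0.45, 0.55, 0.95, 0.05, 0.65, 0.35]


def run(agents, challenges, real_events, z=1.0):
    """Interleave challenges with real events; return (best, challenges_used, trust, alerts)."""
    err = {name: 0.0 for name in agents}    # summed error, measured on challenges only
    trust = {name: 0.5 for name in agents}  # neutral trust before any evidence
    pending, used, best, alerts = list(challenges), 0, None, []
    for x in real_events:
        separated = False
        if used:
            ranked = sorted(trust.values(), reverse=True)
            # Assumed stopping rule: the leader's margin over the runner-up must
            # exceed z * 0.5 / sqrt(n) after n challenges.
            separated = ranked[0] - ranked[1] > z * 0.5 / math.sqrt(used)
        if pending and not separated:
            feat, truth = pending.pop(0)    # insert one more challenge
            used += 1
            for name, agent in agents.items():
                err[name] += abs(agent(feat) - truth)
                trust[name] = 1.0 - err[name] / used
        best = max(trust, key=trust.get)
        # Only the currently most trusted source classifies the real event.
        if agents[best](x) > 0.5:
            alerts.append(x)
    return best, used, trust, alerts


if __name__ == "__main__":
    print(run(AGENTS, CHALLENGES, REAL_EVENTS))
```

With this data the monitor stops after seven of the eight prepared challenges, which is the kind of saving in challenge count that the abstract attributes to the trust model.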
