Integrating Partial Models of Network Normality via Cooperative Negotiation: An Approach to Development of Multiagent Intrusion Detection Systems

Using agents for developing intrusion detection systems can provide several advantages, including configurability, adaptability, scalability, and robustness. Almost all work in agent-based intrusion detection has considered agents as elements that perform specific tasks in the intrusion detection process. In this paper, we propose a novel way of using agents to solve one of the most pressing problems in intrusion detection: the definition of an accurate model of network normality. We consider agents as associated with partial models of network normality that harmonize their conflicts via cooperative negotiation. Experimental results show that the proposed approach is promising.
