Agent Methods for Network Intrusion Detection and Response

While the need to build Intrusion Detection Systems (IDS) on a distributed and cooperative (P2P) paradigm is generally acknowledged, the field has been disconnected from recent advances in multi-agent research, most notably the field of trust modeling. Our contribution reviews recent IDS implementations and presents them from an agent research perspective. We also identify opportunities where agent approaches can be successfully used. Agent techniques can make IDS more adaptive, scalable and reliable while increasing their autonomy and reducing maintenance requirements. Besides trust modeling, we propose that distributed decision-making and planning techniques can be used to shorten the detection-response loop, making the system more robust when facing worm attacks.
