Intelligent agents for intrusion detection

The paper addresses intrusion detection and countermeasures for widely used operating systems and networks. It proposes the design and architecture of an intrusion detection system built from distributed agents, on which data mining can be performed to give global, temporal views of an entire networked system. As a starting point for the agents' intelligence, the authors draw on prior research into machine learning over system call traces from the privileged sendmail program on UNIX: they apply a rule learning algorithm to classify those system call traces for intrusion detection and report the results.
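To make the "rule learning over system call traces" step concrete, here is an added, self-contained example (not code from the paper or its authors). It turns each trace into fixed-length sliding windows of system call names, learns a rule set for the attack class with a minimal sequential-covering learner (a simplification in the spirit of RIPPER, not RIPPER itself), and scores a trace by the fraction of its windows that any rule matches. The traces, the window length of 5, and the 0.2 decision threshold are all constructed assumptions for the demonstration, not values taken from the paper.

```python
"""Sliding-window rule learning over system-call traces (added example)."""

WINDOW = 5  # window length: an assumption for this example

# Constructed traces, not real sendmail data. The "attack" traces share the
# normal opening sequence and then call setuid/execve before resuming.
NORMAL_TRACES = [
    ["open", "read", "mmap", "mmap", "close", "open", "read", "write", "close", "exit"],
    ["open", "read", "mmap", "close", "open", "read", "read", "write", "close", "exit"],
    ["open", "read", "mmap", "mmap", "close", "open", "write", "write", "close", "exit"],
]
ATTACK_TRACES = [
    ["open", "read", "mmap", "setuid", "execve", "open", "read", "write", "close", "exit"],
    ["open", "read", "setuid", "execve", "open", "read", "write", "close", "exit"],
]


def windows(trace, k=WINDOW):
    """Every length-k sliding window of a trace, as a tuple of call names."""
    return [tuple(trace[i:i + k]) for i in range(len(trace) - k + 1)]


def records(traces, label, k=WINDOW):
    """One (window, label) record per window; the window inherits the trace label."""
    return [(w, label) for t in traces for w in windows(t, k)]


def matches(rule, window):
    """A rule is a dict {position: syscall}; every condition must hold."""
    return all(window[pos] == call for pos, call in rule.items())


def grow_rule(pos_recs, neg_recs, k=WINDOW):
    """Greedily add (position == call) conditions, best precision then coverage,
    until no negative window is covered or every position is constrained."""
    rule, pos_cov, neg_cov = {}, list(pos_recs), list(neg_recs)
    while neg_cov:
        best = None
        for pos in range(k):
            if pos in rule:
                continue
            for call in sorted({w[pos] for w, _ in pos_cov}):  # sorted: deterministic ties
                p = sum(1 for w, _ in pos_cov if w[pos] == call)
                n = sum(1 for w, _ in neg_cov if w[pos] == call)
                score = (p / (p + n), p)
                if best is None or score > best[0]:
                    best = (score, pos, call)
        if best is None:
            break  # all k positions already constrained; cannot separate further
        _, pos, call = best
        rule[pos] = call
        pos_cov = [r for r in pos_cov if r[0][pos] == call]
        neg_cov = [r for r in neg_cov if r[0][pos] == call]
    return rule, pos_cov, neg_cov


def learn_rules(normal_traces, attack_traces, k=WINDOW):
    """Sequential covering for the attack class: learn a rule, remove the
    attack windows it covers, repeat until none remain."""
    pos = records(attack_traces, "attack", k)
    neg = records(normal_traces, "normal", k)
    rules = []
    while pos:
        rule, covered, leftover_neg = grow_rule(pos, neg, k)
        if not leftover_neg:
            rules.append(rule)
        # Attack windows the rule cannot separate from normal windows (the
        # shared tail of the trace) are identical to normal ones; drop them
        # rather than keep an imprecise rule.
        pos = [r for r in pos if not matches(rule, r[0])]
    return rules


def abnormal_fraction(trace, rules, k=WINDOW):
    """Share of a trace's windows flagged by at least one rule (0.0 if too short)."""
    ws = windows(trace, k)
    if not ws:
        return 0.0
    return sum(1 for w in ws if any(matches(r, w) for r in rules)) / len(ws)


def is_intrusion(trace, rules, threshold=0.2, k=WINDOW):
    """Trace-level decision: a constructed 0.2 threshold on the abnormal fraction."""
    return abnormal_fraction(trace, rules, k) > threshold


if __name__ == "__main__":
    learned = learn_rules(NORMAL_TRACES, ATTACK_TRACES)
    print("rules:", learned)
    unseen = ["open", "read", "mmap", "mmap", "setuid", "execve", "exit"]
    print("unseen attack fraction:", abnormal_fraction(unseen, learned))
```

Two design points worth noticing: the learner ranks candidate conditions by precision before coverage, so a single `setuid`/`execve` condition wins over a broader but impure one, and windows at the end of the attack traces that are byte-for-byte identical to normal windows are discarded instead of being forced into a rule, since no window-level rule can separate them. Trace-level detection then rests on the fraction of flagged windows, which is why a held-out attack trace with the same pattern at a different offset is still caught.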

[1] Stephanie Forrest et al., A sense of self for Unix processes, 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[2] Salvatore J. Stolfo et al., JAM: Java Agents for Meta-Learning over Distributed Databases, 1997, KDD.

[3] Eugene H. Spafford et al., Defending a Computer System Using Autonomous Agents, 1995.

[4] Hyacinth S. Nwana et al., Software agents: an overview, 1996, The Knowledge Engineering Review.

[5] Jeffrey M. Bradshaw et al., An introduction to software agents, 1997.

[6] Stephanie Forrest et al., Infect Recognize Destroy, 1996.

[7] Todd L. Heberlein et al., Network intrusion detection, 1994, IEEE Network.

[8] William W. Cohen, Fast Effective Rule Induction, 1995, ICML.

[9] Dorothy E. Denning et al., An Intrusion-Detection Model, 1987, IEEE Transactions on Software Engineering.

[10] Alfonso Valdes et al., Live Traffic Analysis of TCP/IP Gateways, 1998, NDSS.

[11] Jihoon Yang et al., Feature Subset Selection Using a Genetic Algorithm, 1998, IEEE Intelligent Systems.

[12] Salvatore J. Stolfo et al., Data Mining Approaches for Intrusion Detection, 1998, USENIX Security Symposium.