MAIS-IDS: A distributed intrusion detection system using multi-agent AIS approach

This paper proposes an agent-based approach using artificial immune system (AIS) paradigms as a successful mechanism for a distributed intrusion detection system (IDS). The AIS paradigms are negative selection, clonal selection, danger theory, and immune network. These paradigms are very successful for anomaly IDS. The AIS paradigms are inspired by the powerful human immune system (HIS) and are a promising candidate for the design of an IDS. The proposed AIS-based agents are capable of learning, self-adaptation, platform mobility, autonomy and collaboration. The proposed system (MAIS-IDS) was designed using these powerful and collaborative agents. This system has mobile and static agents, with detector agents as the main actors in MAIS-IDS. The life cycles of the agents are determined using the proposed immune algorithms in specific phases. Essential characteristics of MAIS-IDS are cloning, mutation, migration, collaboration, and randomness. MAIS-IDS was evaluated using a network of virtualized hosts, a kernel-based virtual machine (KVM) hypervisor and management Orchestra.
