Autonomous decision on intrusion detection with trained BDI agents

In computer security, the first step in responding to an intrusive incident is detecting that activity in the monitored system. In recent years, intrusion detection research has become a multidisciplinary task involving areas such as data mining, decision analysis, agent-based systems and cost-benefit analysis, among others. We propose a multiagent IDS that uses decision analysis techniques to configure itself optimally for the conditions it faces. The IDS also provides a quantitative measure of the value of the response decision it can take autonomously. Results on the well-known 1999 KDD dataset are shown.
