Real-time multi-agent system for an adaptive intrusion detection system

Improve the detection performance in identifying new attacks in real time.
Propose and develop a multi-agent system to speed up the IDS processes for detecting attacks.
Improve the potential for the IDS to adapt to new attacks in real time and make the system faster.
Improve the detection rate of Probe, U2R and R2L attacks.
Overall accuracy of 95.86% is achieved with the whole "Corrected" KDD dataset.

An adaptive intrusion detection system that can detect unknown attacks in real-time network traffic is a major concern. Conventional adaptive intrusion detection systems are computationally expensive in terms of computer resources and time because these systems have to be retrained with known and unknown attacks. In this study, a method called Real-Time Multi-agent System for an Adaptive Intrusion Detection System (RTMAS-AIDS), which is based on a multi-agent system (MAS), is proposed to allow the intrusion detection system to adapt to unknown attacks in real time. This method utilizes the multi-level hybrid SVM and ELM classification models to detect normal behavior and known attacks. An adaptive SVM model, in which processes run in parallel and are distributed in the MAS, is also used to detect and learn new attacks in real time. Results show that the proposed method significantly reduced the training cost of detecting unknown attacks compared with the conventional method. In addition, the analysis results of the popular KDDCup'99 dataset show that RTMAS-AIDS can detect Probe, R2L, and U2R attacks better than the non-retrained multi-agent system using the multi-level hybrid SVM and ELM models as well as the multi-level hybrid SVM and ELM. RTMAS-AIDS exhibited a significantly improved detection accuracy that reached 95.86% and can detect and learn unknown attacks faster (up to 61%) than the other two methods (MAS-MLSE and MLSE).
