A Multi-agents Intrusion Detection System Using Ontology and Clustering Techniques

Nowadays, advances in technology have brought more sophisticated intrusions. Consequently, Intrusion Detection Systems (IDS) are quickly becoming a standard requirement when building a network security infrastructure. Most existing IDS are centralized and suffer from a number of drawbacks, e.g., high false-positive rates and low efficiency, especially when they face distributed attacks. This paper introduces a novel hybrid multi-agent IDS, called OCMAS-IDS, based on the intelligent combination of a clustering technique and an ontology model. It integrates the desirable features of the multi-agent methodology with the benefits of semantic relations and the high accuracy of the data mining technique. The experiments we carried out show the efficiency of our distributed IDS, which sharply outperforms other systems on real traffic and on a set of simulated attacks.
