A Temporal Logic Based Approach to Multi-Agent Intrusion Detection and Prevention

Collaborative systems research in the last decade have led to the development in several areas ranging from social computing, e-learning systems to management of complex computer networks. Intrusion Detection Systems (IDS) available today have a number of problems that limit their configurability, scalability or efficiency. An important shortcoming is that the existing architectures is built around a single entity that does most of the data collection and analysis. This work introduces a new architecture for intrusion detection and prevention based on multiple autonomous agents working collectively. We adopt a temporal logic approach to signature-based intrusion detection. We specify intrusion patterns as formulas in a monitorable logic called EAGLE. We also incorporate logics of knowledge into the agents. We implement a prototype tool, called MIDTL and use this tool to detect a variety of security attacks in large log-files provided by DARPA.

[1]  Koushik Sen,et al.  A Temporal Logic Based Framework for Intrusion Detection , 2004, FORTE.

[2]  Koushik Sen,et al.  Efficient decentralized monitoring of safety in distributed systems , 2004, Proceedings. 26th International Conference on Software Engineering.

[3]  Ronald Fagin,et al.  Reasoning about knowledge , 1995 .

[4]  Tao Li,et al.  An Immune Multi-agent System for Network Intrusion Detection , 2008, ISICA.

[5]  S. E. Smaha Haystack: an intrusion detection system , 1988, [Proceedings 1988] Fourth Aerospace Computer Security Applications.

[6]  Jean Goubault-Larrecq,et al.  Log auditing through model-checking , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[7]  Gustavo A. Isaza,et al.  An Intrusion Detection and Prevention Model Based on Intelligent Multi-Agent Systems, Signatures and Reaction Rules Ontologies , 2009, PAAMS.

[8]  Michael Wooldridge,et al.  Tractable multiagent planning for epistemic goals , 2002, AAMAS '02.

[9]  Thomas A. Henzinger,et al.  Alternating-time temporal logic , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[10]  Eugene H. Spafford,et al.  An architecture for intrusion detection using autonomous agents , 1998, Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217).

[11]  Kristopher Kendall,et al.  A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems , 1999 .

[12]  Naji Habra,et al.  ASAX: Software Architecture and Rule-Based Language for Universal Audit Trail Analysis , 1992, ESORICS.