PAID: A Probabilistic Agent-Based Intrusion Detection system

In this paper we describe the architecture and implementation of a Probabilistic Agent-Based Intrusion Detection (PAID) system. The PAID system has a cooperative agent architecture. Autonomous agents can perform specific intrusion detection tasks (e.g., identify IP-spoofing attacks) and also collaborate with other agents. The main contributions of our work are the following. Our model allows agents to share their beliefs, i.e., the probability distribution of an event occurrence. Agents are capable of performing soft-evidential update, thus providing a continuous scale for intrusion detection. We propose methods for modelling errors and resolving conflicts among beliefs. Finally, we have implemented a proof-of-concept prototype of PAID.
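The belief sharing and soft-evidential update described above can be illustrated with a small added example (not code from the paper or the PAID prototype). It assumes Jeffrey's rule as the form of soft update, since the abstract does not give PAID's own procedure; the two-variable model, its probabilities, and all function names are constructed for illustration.

```python
# Added example: all probabilities and names below are constructed for illustration.
# Receiving agent's local joint P(spoofing, intrusion).
JOINT = {
    (True, True): 0.045,
    (True, False): 0.005,
    (False, True): 0.019,
    (False, False): 0.931,
}

def marginal(joint, index):
    """Sum the joint down to one variable (0 = spoofing, 1 = intrusion)."""
    out = {}
    for states, p in joint.items():
        out[states[index]] = out.get(states[index], 0.0) + p
    return out

def soft_update(joint, belief):
    """Jeffrey's rule: Q(s, i) = P(s, i) * belief(s) / P(s)."""
    if abs(sum(belief.values()) - 1.0) > 1e-9 or min(belief.values()) < 0:
        raise ValueError("belief must be a probability distribution")
    prior = marginal(joint, 0)
    updated = {}
    for (s, i), p in joint.items():
        b = belief.get(s, 0.0)
        if prior[s] == 0.0:
            if b > 0.0:
                raise ValueError("belief puts mass on a state the model rules out")
            updated[(s, i)] = 0.0
        else:
            updated[(s, i)] = p * b / prior[s]
    return updated

def p_intrusion(belief):
    """Posterior P(intrusion) after absorbing another agent's shared belief."""
    return marginal(soft_update(JOINT, belief), 1)[True]

if __name__ == "__main__":
    for label, belief in [
        ("belief equals prior", {True: 0.05, False: 0.95}),
        ("soft evidence 0.7", {True: 0.7, False: 0.3}),
        ("hard evidence", {True: 1.0, False: 0.0}),
    ]:
        print(f"{label:20s} P(intrusion) = {p_intrusion(belief):.3f}")
```

The posterior moves smoothly between the prior and the hard-evidence result as the shared belief strengthens, which is the continuous scale the abstract refers to.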
