An evolutionary multi-agent approach to anomaly detection and cyber defense

In this paper we present an evolutionary multi-agent approach to anomaly detection based on adaptive clustering and classification. An evolutionary algorithm allows agents to self-organize and cluster the data using different subsets of attributes and dynamically created meta-attributes. A performance metric is defined so that the best agents are reinforced and evolve, while ineffective agents are progressively eliminated. Our preliminary results show how the proposed approach can be used in isolation for intrusion detection, or in combination with other mechanisms to improve the performance and capabilities of intrusion and anomaly detection systems.
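The loop the abstract sketches (a population of agents, each clustering on its own attribute subset, scored by a performance metric, with the best reinforced and the worst eliminated) is shown below as an added illustration. It is not the paper's code: the attribute pool, the derived out_in_ratio meta-attribute, the two-means base clusterer, the rule that the smaller cluster is the anomalous one, the F1 fitness against a small labelled feedback set, the toggle-one-attribute mutation, and the constructed connection records are all assumptions of this example, not details taken from the paper.

```python
"""Toy evolutionary multi-agent anomaly detector (illustrative, not the paper's code)."""
import random
import statistics
from dataclasses import dataclass

# Base attributes of a constructed "connection record"; out_in_ratio is a derived
# meta-attribute, assumed here as one example of a dynamically created attribute.
BASE_ATTRS = ["duration", "bytes_in", "bytes_out", "packets", "failed_logins"]
META_ATTRS = ["out_in_ratio"]
ATTRS = BASE_ATTRS + META_ATTRS


def make_records(n_normal=90, n_anomalous=10, seed=1):
    """Constructed sample data: normal sessions plus a few that look like
    brute-force logins followed by large exfiltration. Returns (records, labels)."""
    rng = random.Random(seed)
    records, labels = [], []
    for is_anomaly in [False] * n_normal + [True] * n_anomalous:
        r = {"duration": rng.uniform(0, 300),      # noise: same range for both classes
             "bytes_in": rng.uniform(200, 5000),   # noise
             "packets": rng.uniform(5, 500)}       # noise
        if is_anomaly:
            r["bytes_out"] = rng.uniform(50_000, 90_000)
            r["failed_logins"] = rng.uniform(20, 40)
        else:
            r["bytes_out"] = rng.uniform(100, 2_000)
            r["failed_logins"] = rng.uniform(0, 1)
        r["out_in_ratio"] = r["bytes_out"] / r["bytes_in"]   # meta-attribute
        records.append(r)
        labels.append(is_anomaly)
    return records, labels


def zscore_matrix(records, attrs):
    """Project records onto the chosen attributes and standardise each column."""
    cols = {a: [r[a] for r in records] for a in attrs}
    mu = {a: statistics.fmean(cols[a]) for a in attrs}
    sd = {a: statistics.pstdev(cols[a]) or 1.0 for a in attrs}
    return [[(r[a] - mu[a]) / sd[a] for a in attrs] for r in records]


def dist2(p, q):
    return sum((x - y) ** 2 for x, y in zip(p, q))


def kmeans2(points, iters=20):
    """Two-means with a deterministic init (first point, and the point farthest
    from it). Returns a cluster id (0 or 1) per point."""
    centroids = [points[0], max(points, key=lambda p: dist2(p, points[0]))]
    assign = [0] * len(points)
    for _ in range(iters):
        new = [0 if dist2(p, centroids[0]) <= dist2(p, centroids[1]) else 1 for p in points]
        if new == assign:
            break
        assign = new
        for k in (0, 1):
            members = [p for p, a in zip(points, assign) if a == k]
            if members:
                centroids[k] = [statistics.fmean(col) for col in zip(*members)]
    return assign


@dataclass
class Agent:
    attrs: frozenset       # the subset of attributes this agent clusters on
    fitness: float = 0.0


def flag_anomalies(records, attrs):
    """Cluster on the agent's attribute subset; the minority cluster is flagged."""
    assign = kmeans2(zscore_matrix(records, sorted(attrs)))
    minority = 1 if assign.count(1) < assign.count(0) else 0
    return [a == minority for a in assign]


def f1(flags, labels):
    """Performance metric (assumed): F1 of the flags against labelled feedback."""
    tp = sum(1 for f, l in zip(flags, labels) if f and l)
    fp = sum(1 for f, l in zip(flags, labels) if f and not l)
    fn = sum(1 for f, l in zip(flags, labels) if l and not f)
    return 2 * tp / (2 * tp + fp + fn) if tp else 0.0


def evolve(records, labels, pop_size=12, generations=15, seed=7):
    """Reinforce the best agents, mutate them into replacements, drop the rest."""
    rng = random.Random(seed)
    pop = [Agent(frozenset([a])) for a in ATTRS]            # one agent per attribute
    while len(pop) < pop_size:                               # plus random subsets
        subset = frozenset(a for a in ATTRS if rng.random() < 0.5)
        pop.append(Agent(subset or frozenset([rng.choice(ATTRS)])))
    for _ in range(generations):
        for ag in pop:
            ag.fitness = f1(flag_anomalies(records, ag.attrs), labels)
        pop.sort(key=lambda ag: ag.fitness, reverse=True)
        survivors = pop[: pop_size // 2]                     # best agents are reinforced
        children = []
        while len(survivors) + len(children) < pop_size:
            parent = rng.choice(survivors)
            mutated = frozenset(set(parent.attrs) ^ {rng.choice(ATTRS)})  # toggle one attribute
            children.append(Agent(mutated or parent.attrs))
        pop = survivors + children                           # ineffective agents eliminated
    for ag in pop:
        ag.fitness = f1(flag_anomalies(records, ag.attrs), labels)
    pop.sort(key=lambda ag: ag.fitness, reverse=True)
    return pop


if __name__ == "__main__":
    recs, labs = make_records()
    for ag in evolve(recs, labs)[:4]:
        print(f"{ag.fitness:.2f}  {sorted(ag.attrs)}")
```

Because selection is elitist, fitness never drops between generations, and agents whose subsets contain only the noise attributes (duration, bytes_in, packets) score poorly and are displaced by agents that include bytes_out, failed_logins or the derived ratio. The same skeleton accepts any base clusterer and any fitness function; the practical caveat is the one Axelsson's base-rate argument makes for every anomaly detector, namely that a metric computed on a small labelled feedback set can look excellent while the false-positive rate on the full traffic stream is still unusable.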
