Adaptive Agents Applied to Intrusion Detection

This paper proposes a system of agents that make predictions about the presence of intrusions. Some of the agents act as predictors, each implementing a given intrusion detection model and all sniffing the same traffic. An assessment agent weights the forecasts of these predictor agents and gives a final binary conclusion using a probabilistic model. The weights are continuously adapted according to the previous performance of each predictor agent. Another agent establishes whether the prediction from the assessor agent was right and sends the result back to it. This process is repeated continually and runs without human interaction. The effectiveness of our proposal is measured with the usual method in the intrusion detection domain: Receiver Operating Characteristic (ROC) curves (detection rate versus false alarm rate). As shown in this paper, the adaptive agents applied to intrusion detection improve the ROC curves.
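The loop described above (predictor forecasts, weighted assessment, feedback, re-weighting) can be sketched as follows. This is an added example, not code from the paper: the abstract does not give the probabilistic model, so the exponential squared-error weight update, the `eta` and `threshold` values, and the three constructed predictor agents are all assumptions.

```python
import math

def assess(forecasts, weights):
    """Assessor agent: weighted average of the predictor agents' intrusion probabilities."""
    return sum(w * p for w, p in zip(weights, forecasts))

def adapt(weights, forecasts, truth, eta=2.0):
    """Re-weight each predictor by its squared error on the event just verified.
    The exponential update and eta are assumptions, not the paper's model."""
    scaled = [w * math.exp(-eta * (p - truth) ** 2) for w, p in zip(weights, forecasts)]
    total = sum(scaled)
    return [s / total for s in scaled]

def run(events, adaptive, threshold=0.5):
    """Replay (forecasts, truth) pairs; return (detection rate, false alarm rate, weights)."""
    n = len(events[0][0])
    weights = [1.0 / n] * n
    tp = fp = pos = neg = 0
    for forecasts, truth in events:
        alert = assess(forecasts, weights) >= threshold   # final binary conclusion
        pos += truth
        neg += 1 - truth
        tp += alert and truth == 1
        fp += alert and truth == 0
        if adaptive:                                      # feedback from the verifying agent
            weights = adapt(weights, forecasts, truth)
    return tp / pos, fp / neg, weights

def constructed_events(count=40):
    """Constructed sample: every 4th event is an intrusion (truth = 1).
    Agent 0 is accurate, agent 1 always alarms, agent 2 is usually wrong."""
    events = []
    for i in range(count):
        truth = 1 if i % 4 == 0 else 0
        forecasts = [0.9, 0.8, 0.3] if truth else [0.1, 0.8, 0.7]
        events.append((forecasts, truth))
    return events

if __name__ == "__main__":
    for label, flag in (("static", False), ("adaptive", True)):
        dr, far, w = run(constructed_events(), flag)
        print(f"{label:8s} detection={dr:.2f} false_alarm={far:.2f} weights={[round(x, 3) for x in w]}")
```

Sweeping `threshold` over a range of values and plotting the resulting (false alarm rate, detection rate) pairs gives the ROC curve for each configuration.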
