Abstract
Detecting anomalous data is essential for obtaining critical and actionable information such as intrusions, faults, and system failures. This paper introduces an agent-based clustering algorithm to detect anomalies in a distributed system. Each data object, regardless of the source from which it arrives, is associated with a mobile agent that follows the flocking algorithm, a self-organizing bio-inspired computational model. The agents are randomly disseminated onto a virtual space, where they move in order to form a flock. Thanks to a tailored similarity function, agents associated with similar objects form a flock, whereas agents associated with objects that are dissimilar to each other (outliers/anomalies) do not group into flocks. Preliminary experimental results confirm the validity of the proposed approach.
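A simplified sketch of the flocking idea in the abstract, added here as an illustration and not taken from the paper. The records, the Euclidean similarity threshold and every parameter are constructed assumptions, and only cohesion and random wandering are modelled (alignment and separation are omitted).

```python
import math
import random

# Assumed parameters: virtual-space size, vision radius, similarity threshold,
# cohesion rate and number of iterations. None of these come from the paper.
SIZE, VISION, EPS, ALPHA, STEPS = 20.0, 6.0, 0.25, 0.3, 3000

# Constructed records from two hypothetical sensors:
# (source, normalised bytes sent, normalised duration, normalised failed logins)
RECORDS = [
    ("sensor-a", 0.10, 0.20, 0.00), ("sensor-a", 0.12, 0.22, 0.00),
    ("sensor-b", 0.11, 0.18, 0.00), ("sensor-b", 0.09, 0.21, 0.05),
    ("sensor-a", 0.60, 0.70, 0.00), ("sensor-b", 0.62, 0.68, 0.00),
    ("sensor-a", 0.58, 0.72, 0.05), ("sensor-b", 0.61, 0.71, 0.00),
    ("sensor-a", 0.95, 0.05, 0.90),  # constructed anomaly
    ("sensor-b", 0.05, 0.98, 0.50),  # constructed anomaly
]

def similar(a, b):
    """Assumed similarity function: feature distance below EPS (source ignored)."""
    return math.dist(a[1:], b[1:]) <= EPS

def flock_neighbours(i, pos, records):
    """Agents that are visible in the virtual space and carry similar data."""
    return [j for j in range(len(pos)) if j != i
            and math.dist(pos[i], pos[j]) <= VISION
            and similar(records[i], records[j])]

def detect_anomalies(records, seed=1):
    rng = random.Random(seed)
    # One agent per data object, placed at random in the virtual space.
    pos = [(rng.uniform(0, SIZE), rng.uniform(0, SIZE)) for _ in records]
    for _ in range(STEPS):
        new_pos = []
        for i, (x, y) in enumerate(pos):
            nb = flock_neighbours(i, pos, records)
            if nb:  # cohesion: steer toward the centre of similar neighbours
                cx = sum(pos[j][0] for j in nb) / len(nb)
                cy = sum(pos[j][1] for j in nb) / len(nb)
                x, y = x + ALPHA * (cx - x), y + ALPHA * (cy - y)
            else:   # no similar agent in sight: keep wandering inside the space
                x = min(SIZE, max(0.0, x + rng.uniform(-2, 2)))
                y = min(SIZE, max(0.0, y + rng.uniform(-2, 2)))
            new_pos.append((x, y))
        pos = new_pos  # synchronous update of all agents
    # Agents that end up outside every flock are reported as anomalies.
    return [i for i in range(len(pos)) if not flock_neighbours(i, pos, records)]
```

Calling `detect_anomalies(RECORDS)` returns the indices of the records whose agents never joined a flock; the source field plays no part in the similarity test, so records from both sensors cluster together.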
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Forestiero, A. (2015). A Multi-agent Approach for Intrusion Detection in Distributed Systems. In: Dziech, A., Leszczuk, M., Baran, R. (eds) Multimedia Communications, Services and Security. MCSS 2015. Communications in Computer and Information Science, vol 566. Springer, Cham. https://doi.org/10.1007/978-3-319-26404-2_6
DOI: https://doi.org/10.1007/978-3-319-26404-2_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-26403-5
Online ISBN: 978-3-319-26404-2
eBook Packages: Computer Science, Computer Science (R0)