Abstract
While the need to build Intrusion Detection Systems (IDS) on a distributed and cooperative (P2P) paradigm is generally acknowledged, the field has been disconnected from recent advances in multi-agent research, most notably trust modeling. Our contribution reviews recent IDS implementations and presents them from an agent research perspective. We also identify the opportunities where agent approaches can be applied successfully. Agent techniques can make an IDS more adaptive, scalable and reliable while increasing its autonomy and reducing its maintenance requirements. Besides trust modeling, we propose that distributed decision-making and planning techniques can be used to shorten the detection-response loop, making the system more robust when facing worm attacks.
© 2007 Springer-Verlag Berlin Heidelberg
Cite this paper
Rehák, M., Pěchouček, M., Medvigy, D., Prokopová, M., Tožička, J., Foltýn, L. (2007). Agent Methods for Network Intrusion Detection and Response. In: Mařík, V., Vyatkin, V., Colombo, A.W. (eds.) Holonic and Multi-Agent Systems for Manufacturing. HoloMAS 2007. Lecture Notes in Computer Science, vol. 4659. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74481-8_15
DOI: https://doi.org/10.1007/978-3-540-74481-8_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74478-8
Online ISBN: 978-3-540-74481-8