Skip to main content
SpringerLink
Log in
Book cover

International Workshop on Cooperative Information Agents

CIA 2008: Cooperative Information Agents XII pp 116–130Cite as

Trust-Based Classifier Combination for Network Anomaly Detection

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNAI,volume 5180))

Abstract

We present a method that improves the results of network intrusion detection by integrating several anomaly detection algorithms through trust and reputation models. Our algorithm is based on existing network behavior analysis approaches that are embodied into several detection agents. We divide the processing into three distinct phases: anomaly detection, trust model update and collective trusting decision. Each of these phases contributes to the reduction of classification error rate, by the aggregation of anomaly values provided by individual algorithms, individual update of each agent’s trust model based on distinct traffic representation features (derived from its anomaly detection model), and re-aggregation of the trustfulness data provided by individual agents. The result is a trustfulness score for each network flow, which can be used to guide the manual inspection, thus significantly reducing the amount of traffic to analyze. To evaluate the effectiveness of the method, we present a set of experiments performed on real network data.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Scarfone, K., Mell, P.: Guide to intrusion detection and prevention systems (idps). Technical Report 800-94, NIST, US Dept. of Commerce (2007)

    Google Scholar 

  2. Denning, D.E.: An intrusion-detection model. IEEE Trans. Softw. Eng. 13, 222–232 (1987)

    Article  Google Scholar 

  3. Cisco Systems: Cisco IOS NetFlow (2007), http://www.cisco.com/go/netflow

  4. Čeleda, P., Kováčik, M., Koníř, T., Krmíček, V., Špringl, P., Žádník, M.: FlowMon Probe. Technical Report 31/2006, CESNET, z. s. p. o (2006), http://www.cesnet.cz/doc/techzpravy/2006/flowmon-probe/

  5. Lazarevic, A., Ertöz, L., Kumar, V., Ozgur, A., Srivastava, J.: A comparative study of anomaly detection schemes in network intrusion detection. In: Proceedings of the Third SIAM International Conference on Data Mining (2003)

    Google Scholar 

  6. Bragg, R., Rhodes-Ousley, M., Strassberg, K.: Network Security; The Complete Reference. McGraw-Hill, New York (2004)

    Google Scholar 

  7. Sabater, J., Sierra, C.: Review on computational trust and reputation models. Artif. Intell. Rev. 24, 33–60 (2005)

    Article  MATH  Google Scholar 

  8. Sabater, J., Sierra, C.: Reputation and social network analysis in multi-agent systems. In: Proceedings of AAMAS 2002, Bologna, Italy, pp. 475–482 (2002)

    Google Scholar 

  9. Ramchurn, S., Jennings, N., Sierra, C., Godo, L.: Devising a trust model for multi-agent interactions using confidence and reputation. Applied Artificial Intelligence 18, 833–852 (2004)

    Article  Google Scholar 

  10. Castelfranchi, C., Falcone, R.: Principles of trust for mas: Cognitive anatomy, social importance, and quantification. In: Proceedings of the 3rd International Conference on Multi Agent Systems, p. 72. IEEE Computer Society Press, Los Alamitos (1998)

    Chapter  Google Scholar 

  11. Josang, A., Gray, E., Kinateder, M.: Simplification and analysis of transitive trust networks. Web Intelligence and Agent Systems 4, 139–162 (2006)

    Google Scholar 

  12. Huynh, T.D., Jennings, N.R., Shadbolt, N.R.: An integrated trust and reputation model for open multi-agent systems. Journal of Autonomous Agents and Multi-Agent Systems 13, 119–154 (2006)

    Article  Google Scholar 

  13. Rehak, M., Pechoucek, M.: Trust modeling with context representation and generalized identities. In: Klusch, M., Hindriks, K.V., Papazoglou, M.P., Sterling, L. (eds.) CIA 2007. LNCS (LNAI), vol. 4676. Springer, Heidelberg (2007)

    Google Scholar 

  14. Rettinger, A., Nickles, M., Tresp, V.: Learning initial trust among interacting agents. In: Klusch, M., Hindriks, K.V., Papazoglou, M.P., Sterling, L. (eds.) CIA 2007. LNCS (LNAI), vol. 4676, pp. 313–327. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  15. Ertoz, L., Eilertson, E., Lazarevic, A., Tan, P.N., Kumar, V., Srivastava, J., Dokas, P.: MINDS - Minnesota Intrusion Detection System. In: Next Generation Data Mining. MIT Press, Cambridge (2004)

    Google Scholar 

  16. Xu, K., Zhang, Z.L., Bhattacharrya, S.: Reducing Unwanted Traffic in a Backbone Network. In: USENIX Workshop on Steps to Reduce Unwanted Traffic in the Internet (SRUTI), Boston, MA (2005)

    Google Scholar 

  17. Lakhina, A., Crovella, M., Diot, C.: Diagnosis Network-Wide Traffic Anomalies. In: ACM SIGCOMM 2004, pp. 219–230. ACM Press, New York (2004)

    Chapter  Google Scholar 

  18. Lakhina, A., Crovella, M., Diot, C.: Mining Anomalies using Traffic Feature Distributions. In: ACM SIGCOMM, August 2005, pp. 217–228. ACM Press, New York (2005)

    Google Scholar 

  19. Rehak, M., Pechoucek, M., Bartos, K., Grill, M., Celeda, P.: Network intrusion detection by means of community of trusting agents. In: IEEE/WIC/ACM International Conference on Intelligent Agent Technology (IAT 2007 Main Conference Proceedings) (IAT 2007). IEEE Computer Society Press, Los Alamitos (2007)

    Google Scholar 

  20. Rehák, M., Foltýn, L., Pěchouček, M., Benda, P.: Trust Model for Open Ubiquitous Agent Systems. In: Intelligent Agent Technology, 2005 IEEE/WIC/ACM International Conference (2005); Number PR2416 in IEEE

    Google Scholar 

  21. Duda, R.O., Hart, P.E., Stork, D.G.: Pattern Classification, 2nd edn. John Wiley & Sons, New York (2001)

    MATH  Google Scholar 

  22. Lyon, G.: Nmap, http://insecure.org/nmap/

  23. Yu, B., Singh, M.P.: Detecting deception in reputation management. In: AAMAS 2003, pp. 73–80. ACM Press, New York (2003)

    Chapter  Google Scholar 

  24. Barber, K.S., Kim, J.: Belief revision process based on trust: Agents evaluating reputation of information sources. In: Falcone, R., Singh, M., Tan, Y.-H. (eds.) AA-WS 2000. LNCS (LNAI), vol. 2246, pp. 73–82. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  25. Vu, L.-H., Aberer, K.: A probabilistic framework for decentralized management of trust and quality. In: Klusch, M., Hindriks, K.V., Papazoglou, M.P., Sterling, L. (eds.) CIA 2007. LNCS (LNAI), vol. 4676, pp. 328–342. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  26. Kittler, J., Hatef, M., Duin, R.P.W., Matas, J.: On combining classifiers. IEEE Trans. Pattern Anal. Mach. Intell. 20, 226–239 (1998)

    Article  Google Scholar 

  27. Meshulam, R., Reches, S., Yarden, A., Kraus, S.: Mlbp: Mas for large-scale biometric pattern recognition. In: AAMAS 2006: Proceedings of the fifth international joint conference on Autonomous agents and multiagent systems, pp. 1095–1097. ACM Press, New York (2006)

    Chapter  Google Scholar 

  28. Valeur, F., Vigna, G., Kruegel, C., Kemmerer, R.A.: A comprehensive approach to intrusion detection alert correlation. IEEE Transactions on Dependable and Secure Computing 01, 146–169 (2004)

    Article  Google Scholar 

  29. Shyu, M.L., Quirino, T., Xie, Z., Chen, S.C., Chang, L.: Network intrusion detection through adaptive sub-eigenspace modeling in multiagent systems. ACM Trans. Auton. Adapt. Syst. 2, 9 (2007)

    Article  Google Scholar 

  30. IETF: RFC 4765:The Intrusion Detection Message Exchange Format (IDMEF), http://tools.ietf.org/rfc/rfc4765.txt

  31. Rehak, M., Pechoucek, M., Celeda, P., Krmicek, V., Moninec, J., Dymacek, T., Medvigy, D.: High-performance agent system for intrusion detection in backbone networks. In: Klusch, M., Hindriks, K.V., Papazoglou, M.P., Sterling, L. (eds.) CIA 2007. LNCS (LNAI), vol. 4676. Springer, Heidelberg (2007)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Cybernetics and Center for Applied Cybernetics, Faculty of Electrical Engineering, Czech Technical University in Prague, Technická 2, 166 27, Prague, Czech Republic

    Martin rehák, Michal pěchouček, Martin Grill & Karel Bartos

  2. CESNET, z. s. p. o., Zikova 4, 160 00, Prague, Czech Republic

    Martin Grill & Karel Bartos

Authors
  1. Martin rehák
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Michal pěchouček
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Martin Grill
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Karel Bartos
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Matthias Klusch Michal Pěchouček Axel Polleres

Rights and permissions

Reprints and permissions

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

rehák, M., pěchouček, M., Grill, M., Bartos, K. (2008). Trust-Based Classifier Combination for Network Anomaly Detection. In: Klusch, M., Pěchouček, M., Polleres, A. (eds) Cooperative Information Agents XII. CIA 2008. Lecture Notes in Computer Science(), vol 5180. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85834-8_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-85834-8_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-85833-1

  • Online ISBN: 978-3-540-85834-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation