Abstract
Distributed Intrusion Detection Systems (DIDS) have been integrated with other techniques to incorporate some degree of adaptability. For instance, combining IDS with intelligent techniques facilitates the automatic generation of new signatures, which allows this hybrid approach to detect and prevent unknown attack patterns. Additionally, agent-based architectures offer capabilities such as autonomy, reactivity, pro-activity, mobility and rationality that are desirable in IDSs. This paper presents an intrusion detection and prevention model that integrates an intelligent multi-agent system. The knowledge model is designed and represented with ontological signature, ontology rule representation for intrusion detection and prevention, and event correlation.
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Isaza, G.A., Castillo, A.G., Duque, N.D. (2009). An Intrusion Detection and Prevention Model Based on Intelligent Multi-Agent Systems, Signatures and Reaction Rules Ontologies. In: Demazeau, Y., Pavón, J., Corchado, J.M., Bajo, J. (eds) 7th International Conference on Practical Applications of Agents and Multi-Agent Systems (PAAMS 2009). Advances in Intelligent and Soft Computing, vol 55. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-00487-2_25
DOI: https://doi.org/10.1007/978-3-642-00487-2_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-00486-5
Online ISBN: 978-3-642-00487-2
eBook Packages: Engineering, Engineering (R0)