
A Log Analyzer Agent for Intrusion Detection in a Multi-Agent System

  • Conference paper
Knowledge-Based and Intelligent Information and Engineering Systems (KES 2010)

Abstract

In this work, the design and implementation of a log analyzer agent is described. The agent is conceived as one component of a multi-agent Intrusion Detection System. It analyzes the log files of services, applications or operating systems, contrasting every log line with a set of security rules defined by experts. These rules are written in a new, easy-to-use XML-based format founded on an object-oriented model. Whenever a rule matches, the agent sends a security report to the next level of the multi-agent system using the IDMEF (Intrusion Detection Message Exchange Format) and the IDXP (Intrusion Detection Exchange Protocol).
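As an added illustration (not code from the paper), a minimal Python version of the loop the abstract describes: load expert rules from XML, contrast each log line with them, and render a match as an IDMEF message for the next agent level. The rule schema, the rule contents and the log lines are constructed assumptions; the paper's own XML format is not reproduced on this page.

```python
import re
import time
import xml.etree.ElementTree as ET
# Constructed rule set; the paper's own XML rule format is not on this page, so this schema is
# an assumption: a regex <pattern> with a "src" group, a per-source hit threshold, IDMEF classification.
RULES_XML = r"""<rules>
  <rule id="ssh-bruteforce" threshold="3" classification="SSH brute-force attempt">
    <pattern><![CDATA[Failed password for .* from (?P<src>\d+\.\d+\.\d+\.\d+)]]></pattern>
  </rule>
  <rule id="root-login" threshold="1" classification="Accepted root login">
    <pattern><![CDATA[Accepted password for root from (?P<src>\S+)]]></pattern>
  </rule>
</rules>"""

LOG_LINES = [  # constructed sshd-style lines, not a real capture (RFC 5737 documentation addresses)
    "Jan 10 10:00:01 host sshd[101]: Failed password for admin from 203.0.113.5 port 4001 ssh2",
    "Jan 10 10:00:02 host sshd[102]: Failed password for admin from 203.0.113.5 port 4002 ssh2",
    "Jan 10 10:00:03 host sshd[103]: Failed password for root from 203.0.113.5 port 4003 ssh2",
    "Jan 10 10:00:05 host sshd[105]: Accepted password for root from 198.51.100.7 port 4005 ssh2",
]

def load_rules(xml_text):
    """Parse the rule set into (id, compiled regex, threshold, classification) tuples."""
    return [(r.get("id"), re.compile(r.findtext("pattern")), int(r.get("threshold")),
             r.get("classification")) for r in ET.fromstring(xml_text).findall("rule")]

def analyze(lines, rules):
    """Contrast every line with every rule; alert once per (rule, source) when its threshold is reached."""
    counts, alerts = {}, []
    for line in lines:
        for rid, rx, threshold, cls in rules:
            if m := rx.search(line):
                key = (rid, m.group("src"))
                counts[key] = counts.get(key, 0) + 1
                if counts[key] == threshold:  # equality, so the 4th, 5th... hits do not re-alert
                    alerts.append({"rule": rid, "src": m.group("src"), "classification": cls})
    return alerts

def to_idmef(alert, analyzer_id="log-analyzer-1"):
    """Render one alert as a minimal IDMEF-Message (RFC 4765) for the next level of the system."""
    ns = "http://iana.org/idmef"
    ET.register_namespace("idmef", ns)
    msg = ET.Element("{%s}IDMEF-Message" % ns, version="1.0")
    a = ET.SubElement(msg, "{%s}Alert" % ns, messageid="%s-%s" % (alert["rule"], alert["src"]))
    ET.SubElement(a, "{%s}Analyzer" % ns, analyzerid=analyzer_id)
    ct = ET.SubElement(a, "{%s}CreateTime" % ns, ntpstamp="0x%08x.0x00000000" % (int(time.time()) + 2208988800))
    ct.text = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime())
    node = ET.SubElement(ET.SubElement(a, "{%s}Source" % ns), "{%s}Node" % ns)
    ET.SubElement(ET.SubElement(node, "{%s}Address" % ns, category="ipv4-addr"), "{%s}address" % ns).text = alert["src"]
    ET.SubElement(a, "{%s}Classification" % ns, text=alert["classification"])
    return ET.tostring(msg, encoding="unicode")
```

Transport over IDXP (RFC 4767, which runs over BEEP) is left out; the string returned by `to_idmef` is the payload that channel would carry.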

This work was supported in part by Spanish Ministerio de Ciencia e Innovación under Project Code TIN 2006-02402 and by Xunta de Galicia under Project Code PGIDIT06PXIB105205PR and under the program “Axudas para a consolidación e a estruturación de unidades de investigación competitivas” (code 2007/134), all of them partially supported by the European Union ERDF.




Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Porto-Díaz, I., Fontenla-Romero, Ó., Alonso-Betanzos, A. (2010). A Log Analyzer Agent for Intrusion Detection in a Multi-Agent System. In: Setchi, R., Jordanov, I., Howlett, R.J., Jain, L.C. (eds) Knowledge-Based and Intelligent Information and Engineering Systems. KES 2010. Lecture Notes in Computer Science(), vol 6276. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15387-7_21


  • DOI: https://doi.org/10.1007/978-3-642-15387-7_21

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-15386-0

  • Online ISBN: 978-3-642-15387-7

  • eBook Packages: Computer Science (R0)
