Abstract
In this work, the design and implementation of a log analyzer agent is described. This agent is conceived as a component of a multi-agent Intrusion Detection System. The agent analyzes log files of services, applications or operating systems, comparing every log line against a set of security rules defined by experts. These rules can be written in a new, easy-to-use XML-based format built on an object-oriented model. Whenever a rule matches, the agent sends a security report to the next level of the multi-agent system using the IDMEF (Intrusion Detection Message Exchange Format) and the IDXP (Intrusion Detection Exchange Protocol).
This work was supported in part by Spanish Ministerio de Ciencia e Innovación under Project Code TIN 2006-02402 and by Xunta de Galicia under Project Code PGIDIT06PXIB105205PR and under the program “Axudas para a consolidación e a estruturación de unidades de investigación competitivas” (code 2007/134), all of them partially supported by the European Union ERDF.
© 2010 Springer-Verlag Berlin Heidelberg
Porto-Díaz, I., Fontenla-Romero, Ó., Alonso-Betanzos, A. (2010). A Log Analyzer Agent for Intrusion Detection in a Multi-Agent System. In: Setchi, R., Jordanov, I., Howlett, R.J., Jain, L.C. (eds) Knowledge-Based and Intelligent Information and Engineering Systems. KES 2010. Lecture Notes in Computer Science, vol. 6276. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15387-7_21
DOI: https://doi.org/10.1007/978-3-642-15387-7_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-15386-0
Online ISBN: 978-3-642-15387-7