research-article

CAMNEP: agent-based network intrusion detection system

Authors:

Pavel MinarikAuthors Info & Claims

AAMAS '08: Proceedings of the 7th international joint conference on Autonomous agents and multiagent systems: industrial track

Pages 133 - 136

Published: 12 May 2008 Publication History

Get Access

Abstract

We present a prototype of agent-based intrusion detection system designed for deployment on high-speed backbone networks. The main contribution of the system is the integration of several anomaly detection techniques by means of collective trust modeling within a group of collaborative detection agents, each featuring a specific detection algorithm. The anomalies are used as an input for the trust modeling. In this stage, each agent determines the flow trustfulness from aggregated anomalies. The aggregation is performed by extended trust models that model the trustfulness of generalized situated identities, represented by a set of observable features. The system is based on traffic statistics in NetFlow format acquired by dedicated hardware-accelerated network cards, and is able to perform a real-time surveillance of the gigabit networks.

References

[1]

CESNET, z. s. p. o. Family of COMBO Cards. http://www.liberouter.org/hardware.php, 2007.

Google Scholar

[2]

Cisco Systems. Cisco IOS NetFlow. http://www.cisco.com/go/netflow, 2007.

Google Scholar

[3]

D. E. Denning. An intrusion-detection model. IEEE Trans. Softw. Eng., 13(2):222--232, 1987.

Digital Library

Google Scholar

[4]

L. Ertoz, E. Eilertson, A. Lazarevic, P.-N. Tan, V. Kumar, J. Srivastava, and P. Dokas. MINDS -Minnesota Intrusion Detection System. In Next Generation Data Mining. MIT Press, 2004.

Google Scholar

[5]

A. Lakhina, M. Crovella, and C. Diot. Diagnosis Network-Wide Traffic Anomalies. In ACM SIGCOMM '04, pages 219--230, New York, NY, USA, 2004. ACM Press.

Digital Library

Google Scholar

[6]

A. Lakhina, M. Crovella, and C. Diot. Mining Anomalies using Traffic Feature Distributions. In ACM SIGCOMM, Philadelphia, PA, August 2005, pages 217--228, New York, NY, USA, 2005. ACM Press.

Digital Library

Google Scholar

[7]

S. Northcutt and J. Novak. Network Intrusion Detection: An Analyst's Handbook. New Riders Publishing, Thousand Oaks, CA, USA, 2002.

Digital Library

Google Scholar

[8]

M. Rehak and M. Pechoucek. Trust modeling with context representation and generalized identities. In Cooperative Information Agents XI, number 4676 in LNAI/LNCS. Springer-Verlag, 2007.

Digital Library

Google Scholar

[9]

M. Rehak, M. Pechoucek, K. Bartos, M. Grill, and P. Celeda. Network intrusion detection by means of community of trusting agents. In IEEE/WIC/ACM International Conference on Intelligent Agent Technology (IAT 2007 Main Conference Proceedings) (IAT '07), Los Alamitos, CA, USA, 2007. IEEE Computer Society.

Digital Library

Google Scholar

[10]

J. Sabater and C. Sierra. Review on computational trust and reputation models. Artif. Intell. Rev., 24(1):33--60, 2005.

Digital Library

Google Scholar

[11]

K. Scarfone and P. Mell. Guide to intrusion detection and prevention systems (idps). Technical Report 800--94, NIST, US Dept. of Commerce, 2007.

Digital Library

Google Scholar

[12]

K. Xu, Z.-L. Zhang, and S. Bhattacharrya. Reducing Unwanted Traffic in a Backbone Network. In USENIX Workshop on Steps to Reduce Unwanted Traffic in the Internet (SRUTI), Boston, MA, July 2005.

Digital Library

Google Scholar

Cited By

View all

Volpatto AMaggi FZanero S(2010)Effective multimodel anomaly detection using cooperative negotiationProceedings of the First international conference on Decision and game theory for security10.5555/1947915.1947931(180-191)Online publication date: 22-Nov-2010
https://dl.acm.org/doi/10.5555/1947915.1947931

Index Terms

CAMNEP: agent-based network intrusion detection system
1. Computing methodologies
  1. Artificial intelligence
    1. Distributed artificial intelligence
      1. Intelligent agents

Recommendations

Multi-agent approach to network intrusion detection
AAMAS '08: Proceedings of the 7th international joint conference on Autonomous agents and multiagent systems: demo papers

Our demo presents an agent-based intrusion detection system designed for deployment on high-speed backbone networks. The major contribution of the system is the integration of several anomaly detection techniques by means of collective trust modeling ...
Using artificial anomalies to detect unknown and known network intrusions

Intrusion detection systems (IDSs) must be capable of detecting new and unknown attacks, or anomalies. We study the problem of building detection models for both pure anomaly detection and combined misuse and anomaly detection (i.e., detection of both ...
A Hybrid Network Intrusion Detection Technique Using Random Forests
ARES '06: Proceedings of the First International Conference on Availability, Reliability and Security

Intrusion detection is important in network security. Most current network intrusion detection systems (NIDSs) employ either misuse detection or anomaly detection. However, misuse detection cannot detect unknown intrusions, and anomaly detection usually ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

AAMAS '08: Proceedings of the 7th international joint conference on Autonomous agents and multiagent systems: industrial track

May 2008

140 pages

Publisher

International Foundation for Autonomous Agents and Multiagent Systems

Richland, SC

Publication History

Published: 12 May 2008

Check for updates

Author Tags

Qualifiers

Research-article

Conference

AAMAS08

Sponsor:

ACM
AAAI

AAMAS08: 7th International Conference on Autonomous Agents and Multi Agent Systems

May 12 - 16, 2008

Estoril, Portugal

Acceptance Rates

Overall Acceptance Rate 1,155 of 5,036 submissions, 23%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
366
Total Downloads

Downloads (Last 12 months)4
Downloads (Last 6 weeks)0

Reflects downloads up to 01 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Volpatto AMaggi FZanero S(2010)Effective multimodel anomaly detection using cooperative negotiationProceedings of the First international conference on Decision and game theory for security10.5555/1947915.1947931(180-191)Online publication date: 22-Nov-2010
https://dl.acm.org/doi/10.5555/1947915.1947931

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Multi-agent approach to network intrusion detection

Using artificial anomalies to detect unknown and known network intrusions

A Hybrid Network Intrusion Detection Technique Using Random Forests