
Multi-agent Systems for Dynamic Forensic Investigation

Conference paper. In: Intelligent Computing Theories and Application (ICIC 2016)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 9771)

Abstract

In recent years, Multi-Agent Systems have proven to be a useful paradigm for areas where inconsistency and uncertainty are the norm. Network security environments suffer from these problems and could benefit from a Multi-Agent model for dynamic forensic investigations. Building upon previous solutions that lack the necessary levels of scalability and autonomy, we present a decentralised model for collecting and analysing network security data to attain higher levels of accuracy and efficiency. The main contributions of the paper are: (i) a Multi-Agent model for the dynamic organisation of agents participating in forensic investigations; (ii) an agent architecture endowed with mechanisms for collecting and analysing network data; (iii) a protocol for allowing agents to coordinate and make collective decisions on the maliciousness of suspicious activity; and (iv) a simulator tool to test the proposed decentralised model, agents and communication protocol under a wide range of circumstances and scenarios.


Notes

  1. Suspicious activity is defined as any activity that does not appear to fit the norm of the network.

  2. A data source is defined as any existing source of information; this may be an external data source such as a DNS server or a local source such as connection logs.


Corresponding author: Phillip Kendrick


Copyright information

© 2016 Springer International Publishing Switzerland

Cite this paper

Kendrick, P., Hussain, A.J., Criado, N. (2016). Multi-agent Systems for Dynamic Forensic Investigation. In: Huang, DS., Bevilacqua, V., Premaratne, P. (eds) Intelligent Computing Theories and Application. ICIC 2016. Lecture Notes in Computer Science, vol 9771. Springer, Cham. https://doi.org/10.1007/978-3-319-42291-6_79

  • DOI: https://doi.org/10.1007/978-3-319-42291-6_79

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-42290-9

  • Online ISBN: 978-3-319-42291-6

  • eBook Packages: Computer Science (R0)
