Abstract
In recent years Multi-Agent Systems have proven to be a useful paradigm for areas where inconsistency and uncertainty are the norm. Network security environments suffer from these problems and could benefit from a Multi-Agent model for dynamic forensic investigations. Building upon previous solutions that lack the necessary levels of scalability and autonomy, we present a decentralised model for collecting and analysing network security data to attain higher levels of accuracy and efficiency. The main contributions of the paper are: (i) a Multi-Agent model for the dynamic organisation of agents participating in forensic investigations; (ii) an agent architecture endowed with mechanisms for collecting and analysing network data; (iii) a protocol for allowing agents to coordinate and make collective decisions on the maliciousness of suspicious activity; and (iv) a simulator tool to test the proposed decentralised model, agents and communication protocol under a wide range of circumstances and scenarios.
Notes
1. Suspicious activity is defined as any activity that does not appear to fit the norm of the network.
2. A data source is defined as any existing source of information; it may be external, such as a DNS server, or local, such as connection logs.
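The abstract's contribution (iii), a protocol by which agents reach a collective decision on whether suspicious activity is malicious, and the two notes above (suspicious activity as deviation from the network's norm; local data sources such as connection logs) can be illustrated in code. The block below is an added example and is not the paper's own model, agent architecture or protocol: the three hypothetical agents (dmz, lan, dns), the per-window z-score rule with its sigma floor, the quorum and min_voters settings, and every connection-log line are assumptions constructed for the illustration. The point worth seeing is how an agent with no local knowledge of a host abstains instead of diluting the vote, and how the group returns "undecided" rather than a verdict when too few agents can judge.

```python
"""Decentralised collective verdict on suspicious network activity.

Added illustration, not the paper's model, agents or protocol.  The agent
layout, the z-score rule, the quorum settings and the connection-log lines
below are all assumptions constructed for this example.
"""
from collections import defaultdict
from statistics import mean, pstdev
from typing import Dict, List, Tuple


def baseline_from_log(lines: List[str]) -> Dict[str, List[int]]:
    """Turn 'window src dst dport' lines into per-source connection counts
    per time window (zero-filled for windows where the source is absent)."""
    windows: List[str] = []
    per_window: Dict[str, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    for line in lines:
        window, src, _dst, _dport = line.split()
        if window not in windows:
            windows.append(window)
        per_window[window][src] += 1
    sources = {src for counts in per_window.values() for src in counts}
    return {src: [per_window[w][src] for w in windows] for src in sources}


class Agent:
    """One forensic agent holding only the baseline its local data source
    (note 2) lets it build; it never sees the other agents' logs."""

    def __init__(self, name: str, log_lines: List[str], threshold: float = 3.0):
        self.name = name
        self.threshold = threshold          # z-score at which this agent votes malicious
        self.baseline = baseline_from_log(log_lines)

    def vote(self, src: str, count: int) -> str:
        """'malicious' or 'benign' from a z-score of `count` against the local
        norm (note 1), or 'abstain' when this agent has never seen `src`."""
        history = self.baseline.get(src)
        if not history:
            return "abstain"
        # Floor sigma at one connection: a perfectly flat baseline must not
        # turn a single extra connection into an extreme deviation.
        sigma = max(pstdev(history), 1.0)
        z = (count - mean(history)) / sigma
        return "malicious" if z >= self.threshold else "benign"


def collective_decision(agents: List[Agent], src: str, count: int,
                        quorum: float = 0.5, min_voters: int = 2) -> Tuple[str, Dict[str, str]]:
    """Majority verdict over the agents that did not abstain.  Returns
    'undecided' when fewer than `min_voters` agents could judge the host."""
    votes = {a.name: a.vote(src, count) for a in agents}
    cast = [v for v in votes.values() if v != "abstain"]
    if len(cast) < min_voters:
        return "undecided", votes
    share = cast.count("malicious") / len(cast)
    return ("malicious" if share > quorum else "benign"), votes


# Constructed connection logs (hypothetical), one per agent: "window src dst dport".
DMZ_LOG = """
w1 10.0.0.5 10.0.0.9 443
w1 10.0.0.5 10.0.0.9 443
w1 10.0.0.7 10.0.0.9 80
w2 10.0.0.5 10.0.0.9 443
w2 10.0.0.5 10.0.0.9 443
w2 10.0.0.7 10.0.0.9 80
w3 10.0.0.5 10.0.0.9 443
w3 10.0.0.5 10.0.0.9 443
w3 10.0.0.5 10.0.0.9 443
w3 10.0.0.7 10.0.0.9 80
""".strip().splitlines()

LAN_LOG = """
w1 10.0.0.5 10.0.0.20 445
w1 10.0.0.7 10.0.0.20 445
w1 10.0.0.7 10.0.0.20 445
w1 10.0.0.7 10.0.0.20 445
w2 10.0.0.5 10.0.0.20 445
w2 10.0.0.5 10.0.0.21 445
w2 10.0.0.7 10.0.0.20 445
w2 10.0.0.7 10.0.0.20 445
w2 10.0.0.7 10.0.0.20 445
w3 10.0.0.5 10.0.0.20 445
w3 10.0.0.7 10.0.0.20 445
w3 10.0.0.7 10.0.0.20 445
w3 10.0.0.7 10.0.0.20 445
w3 10.0.0.22 10.0.0.20 22
""".strip().splitlines()

DNS_LOG = """
w1 10.0.0.7 10.0.0.53 53
w2 10.0.0.7 10.0.0.53 53
w3 10.0.0.7 10.0.0.53 53
""".strip().splitlines()

AGENTS = [Agent("dmz", DMZ_LOG), Agent("lan", LAN_LOG), Agent("dns", DNS_LOG)]


def decide(src: str, count: int) -> str:
    """Verdict only, for a source host seen making `count` connections this window."""
    return collective_decision(AGENTS, src, count)[0]


if __name__ == "__main__":
    for host, n in [("10.0.0.5", 40), ("10.0.0.5", 2), ("10.0.0.7", 5),
                    ("10.0.0.22", 6), ("10.0.0.99", 500)]:
        verdict, votes = collective_decision(AGENTS, host, n)
        print(f"{host} x{n}: {verdict} {votes}")
```

The dns agent has never logged 10.0.0.5, so it abstains on that host; 10.0.0.22 is known only to the lan agent, so the group declines to decide rather than let one agent's baseline stand for the whole network. Both behaviours are design choices of this illustration, not claims about the paper's protocol.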
© 2016 Springer International Publishing Switzerland
Cite this paper
Kendrick, P., Hussain, A.J., Criado, N. (2016). Multi-agent Systems for Dynamic Forensic Investigation. In: Huang, DS., Bevilacqua, V., Premaratne, P. (eds) Intelligent Computing Theories and Application. ICIC 2016. Lecture Notes in Computer Science(), vol 9771. Springer, Cham. https://doi.org/10.1007/978-3-319-42291-6_79
DOI: https://doi.org/10.1007/978-3-319-42291-6_79
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-42290-9
Online ISBN: 978-3-319-42291-6