Abstract
A system that monitors the events occurring in a computer system or a network and analyzes those events for signs of intrusion is known as an Intrusion Detection System (IDS). An IDS needs to be accurate, adaptive, and extensible. Although many established techniques and commercial products exist, their effectiveness leaves room for improvement. A great deal of research has been carried out on intrusion detection in distributed environments to mitigate the drawbacks of centralized approaches. However, distributed IDSs suffer from a number of drawbacks of their own, e.g., high rates of false positives and low efficiency. In this paper, we propose a distributed IDS that integrates the desirable features of the multi-agent methodology with the high accuracy of data mining techniques. The proposed system relies on a set of intelligent agents that collect and analyze network connections, and data mining techniques are shown to be useful for detecting intrusions. The experiments we carried out showed superior performance of our distributed IDS compared to the centralized one.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
Cite this paper
Brahmi, I., Ben Yahia, S., Aouadi, H., Poncelet, P. (2012). Towards a Multiagent-Based Distributed Intrusion Detection System Using Data Mining Approaches. In: Cao, L., Bazzan, A.L.C., Symeonidis, A.L., Gorodetsky, V.I., Weiss, G., Yu, P.S. (eds) Agents and Data Mining Interaction. ADMI 2011. Lecture Notes in Computer Science(), vol 7103. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27609-5_12
DOI: https://doi.org/10.1007/978-3-642-27609-5_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-27608-8
Online ISBN: 978-3-642-27609-5