
Towards a Multiagent-Based Distributed Intrusion Detection System Using Data Mining Approaches

  • Conference paper
Agents and Data Mining Interaction (ADMI 2011)

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 7103)

Abstract

An Intrusion Detection System (IDS) monitors the events occurring in a computer system or network and analyzes them for signs of intrusion. An IDS needs to be accurate, adaptive, and extensible. Although many established techniques and commercial products exist, their effectiveness leaves room for improvement. A great deal of research has been carried out on intrusion detection in distributed environments to mitigate the drawbacks of centralized approaches. However, distributed IDSs still suffer from a number of drawbacks, e.g., high rates of false positives and low efficiency. In this paper, we propose a distributed IDS that integrates the desirable features of the multi-agent methodology with the high accuracy of data mining techniques. The proposed system relies on a set of intelligent agents that collect and analyze network connections, and data mining techniques are shown to be useful for detecting intrusions. The experiments we carried out showed superior performance of our distributed IDS compared to the centralized one.




© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Brahmi, I., Ben Yahia, S., Aouadi, H., Poncelet, P. (2012). Towards a Multiagent-Based Distributed Intrusion Detection System Using Data Mining Approaches. In: Cao, L., Bazzan, A.L.C., Symeonidis, A.L., Gorodetsky, V.I., Weiss, G., Yu, P.S. (eds) Agents and Data Mining Interaction. ADMI 2011. Lecture Notes in Computer Science, vol 7103. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27609-5_12

  • DOI: https://doi.org/10.1007/978-3-642-27609-5_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-27608-8

  • Online ISBN: 978-3-642-27609-5
