Multi-agent Systems for Dynamic Forensic Investigation

  • Phillip Kendrick
  • Abir Jaafar Hussain
  • Natalia Criado
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9771)


In recent years, Multi-Agent Systems have proven to be a useful paradigm for areas where inconsistency and uncertainty are the norm. Network security environments suffer from these problems and could benefit from a Multi-Agent model for dynamic forensic investigations. Building upon previous solutions that lack the necessary levels of scalability and autonomy, we present a decentralised model for collecting and analysing network security data to attain higher levels of accuracy and efficiency. The main contributions of the paper are: (i) a Multi-Agent model for the dynamic organisation of agents participating in forensic investigations; (ii) an agent architecture endowed with mechanisms for collecting and analysing network data; (iii) a protocol for allowing agents to coordinate and make collective decisions on the maliciousness of suspicious activity; and (iv) a simulator tool to test the proposed decentralised model, agents and communication protocol under a wide range of circumstances and scenarios.


Keywords: Forensic investigation · Multi-agent system · Simulator · Cyber security



Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Phillip Kendrick (1)
  • Abir Jaafar Hussain (1)
  • Natalia Criado (2)
  1. Department of Computer Science, Liverpool John Moores University, Liverpool, UK
  2. Department of Informatics, King’s College London, London, UK