Towards a Multiagent-Based Distributed Intrusion Detection System Using Data Mining Approaches

  • Imen Brahmi
  • Sadok Ben Yahia
  • Hamed Aouadi
  • Pascal Poncelet
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7103)


A system that monitors the events occurring in a computer system or a network and analyzes them for signs of intrusion is known as an Intrusion Detection System (IDS). An IDS needs to be accurate, adaptive, and extensible. Although many established techniques and commercial products exist, their effectiveness leaves room for improvement. A great deal of research has been carried out on intrusion detection in a distributed environment to palliate the drawbacks of centralized approaches. However, distributed IDSs suffer from a number of drawbacks, such as high rates of false positives and low efficiency. In this paper, we propose a distributed IDS that integrates the desirable features provided by the multi-agent methodology with the high accuracy of data mining techniques. The proposed system relies on a set of intelligent agents that collect and analyze the network connections, and data mining techniques are shown to be useful to detect the intrusions. The experiments carried out showed superior performance of our distributed IDS compared to the centralized one.


Keywords: Intrusion Detection System; Multi-agents; Misuse Detection; Anomaly Detection; Data Mining Techniques





Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Imen Brahmi (1)
  • Sadok Ben Yahia (1)
  • Hamed Aouadi (2)
  • Pascal Poncelet (3)

  1. Faculty of Sciences of Tunis, Tunisia
  2. ISLAIB, Beja, Tunisia
  3. LIRMM UMR CNRS 5506, Montpellier, France
