A Multiagent-based Intrusion Detection System with the Support of Multi-Class Supervised Classification

Abstract

The increasing number of network security related incidents has made it necessary for organizations to actively protect their sensitive data with network intrusion detection systems (IDSs). IDSs are expected to analyze a large volume of data without placing significant added load on the monitoring systems and networks. This requires good data mining strategies that take less time and give accurate results. In this study, a novel data mining assisted multiagent-based intrusion detection system (DMAS-IDS) is proposed, particularly with the support of multiclass supervised classification. These agents can detect and take predefined actions against malicious activities, and data mining techniques can help detect them. Our proposed DMAS-IDS shows superior performance compared to central sniffing IDS techniques, and saves network resources compared to other distributed IDSs with mobile agents that activate too many sniffers, causing bottlenecks in the network. This is one of the major motivations for using a distributed model based on a multiagent platform along with a supervised classification technique.

Copyright information

© Springer Science+Business Media, LLC 2009

Authors and Affiliations

  1. Department of Electrical and Computer Engineering, University of Miami, FL, USA