Ontology Based Multi-Agent Intrusion Detection System for Web Service Attacks Using Self Learning

  • Krupa Brahmkstri
  • Devasia Thomas
  • S. T. Sawant
  • Avdhoot Jadhav
  • D. D. Kshirsagar
Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 284)

Abstract

Web Services (WS) have become a significant part of the Internet. They employ many features, each of them having specific drawbacks and security threats that are being exploited currently. According to current market researches majority of cyber attacks/exploits are done on these vulnerabilities in WS. Some are direct head on attacks while others are highly coordinated ones. To detect these attacks so that their further attempts can be prevented, highly intelligent Intrusion Detection Systems (IDS) are required. This can be done by having vast databases with high update frequencies or by employing a self learning ontology. Since, rules cannot be added to the database every minute and hence the ontology is preferred since attacks are of varying nature and new forms of attacks arise every day. For coordinated attacks, a single, stand alone IDS’s becomes obsolete here. Hence the use of Distributed Intrusion Detection Systems (DIDS) along with firewalls is essential. The communication between these IDS’s can be done using agents or any set standard of communication between these IDS’s. On recognition of an attack on a single member or number of members of the DIDS System rules are added to the ontology knowledge base and learning occurs. This is the basic idea of an ontology based DIDS. The objective is to detect multiple kinds of attacks with good efficiency in least possible time practically.

References

  1. 1.
    T.F. Gruber, A translation approach to portable ontologies. Knowl. Acquis. 5(2), 199–220 (1993)CrossRefGoogle Scholar
  2. 2.
    A. Vorobiev, J. Han, Security attack ontology for web services, in Proceedings of the Second International Conference on Semantics, Knowledge, and Grid (SKG’06), 2006, Guilin, China, Paper 42, (6 pp.)Google Scholar
  3. 3.
    Mingjun Wei, Guangli Xu, Xuebin Chen, Chaochun Xu, Study on ontology-based intrusion detection, in International Conference on Computer Application and System Modeling (ICCASM), 2010, Taiyuan, China, pp. V10-357–V10-359Google Scholar
  4. 4.
    D. Ye, Q. Bai, M. Zhang, Ontology-based knowledge representation for a P2P multi-agent distributed intrusion detection system, in IFIPA International Conference on Network and Parallel Computing, ed. by J. Cao, M. Li (IEEE Computing Society, Los Alamitos), pp. 111–118Google Scholar
  5. 5.
    F. Abdoli, M. Kahani, Ontology-based distributed intrusion detection system, in Proceedings of the 14th International CSI Computer Conference, 2009 (CSICC 2009), Tehran, Iran, pp. 65–70Google Scholar
  6. 6.
    Y. Lasheng, M. Chantal, Agent based distributed intrusion detection system (ABDIDS), in Second Symposium International Computer Science and Computational Technology (ISCSCT’09), 2009, Huangshan, P.R. China, pp.134–138Google Scholar
  7. 7.
    A. Razzaq, A. Hur, M. Masood, K. Latif, H. Farooq Ahmad, H. Takahashi, Foundation of semantic rule engine to protect web application attacks, in Proceedings of International Symposium on Autonomous Decentralized Systems, (ISADS), 2011, Tokyo & Hiroshima, Japan, pp. 95–102Google Scholar
  8. 8.
    L. Frye, L. Cheng, J. Heflin, An ontology-based system to identify complex network attacks, in IEEE International Conference on Communications (ICC), 2012, Ottawa, pp. 6683–6688Google Scholar
  9. 9.
    R.R. de Azevedo, E.R.G. Dantas, F. Freitas, C. Rodrigues, M.J.S.C. de Almeida, W.C. Veras, R. Santos, An autonomic ontology-based multiagent system for intrusion detection in computing environments. Int. J. Infonomics (IJI). 3(1), (2010)Google Scholar
  10. 10.
    J. Undercoffer, A. Joshi, J. Pinkston, Modeling computer attacks: an ontology for intrusion detection, in RAID, LNCS, vol. 2820 (Springer, Berlin, 2003), pp. 113–135Google Scholar
  11. 11.
    S. Stolfo, A.L. Prodromidis, S. Tselepis, W. Lee, D.W. Fan, P.K. Chan, JAM: Java agents for meta-learning over distributed databases, in Third International Conference on Knowledge Discovery and Data Mining, 1997, Newport Beach, pp. 74–81Google Scholar
  12. 12.
    M. Reilly, M. Stillman, Open infrastructure for scalable intrusion detection, in IEEE Information Technology Conference, 1998, Syracuse, pp. 129–133Google Scholar
  13. 13.
    I.M. Hegazy, T. Al-Arif, Z.T. Fayed, H.M. Faheem, A multi-agent based system for intrusion detection. IEEE Potentials 22(4), 28–31 (2003)CrossRefGoogle Scholar
  14. 14.
    P. Miller, A. Inoue, Collaborative intrusion detection system, in 22nd International Conference of the North American Fuzzy Information Processing Society, 2003, Chicago, pp. 519–524Google Scholar
  15. 15.
    C.-H. Tsang, S. Kwong, Multi-agent intrusion detection system in industrial network using ant colony clustering approach and unsupervised feature extraction, in IEEE International Conference on Industrial Technology (ICIT 2005), 2005, Budapest, Hungary, pp. 51–56Google Scholar
  16. 16.
    S. Mukkamala, A.H. Sung, A. Abraham, Hybrid multi-agent framework for detection of stealthy probes. Appl. Soft Comput. 7(3), 631–641 (2007)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Krupa Brahmkstri
    • 1
  • Devasia Thomas
    • 1
  • S. T. Sawant
    • 1
  • Avdhoot Jadhav
    • 1
  • D. D. Kshirsagar
    • 1
  1. 1.Department of Computer Engineering and Information TechnologyCollege of Engineering PunePuneIndia

Personalised recommendations