An Intrusion Detection and Prevention Model Based on Intelligent Multi-Agent Systems, Signatures and Reaction Rules Ontologies

  • Gustavo A. Isaza
  • Andrés G. Castillo
  • Néstor D. Duque
Conference paper
Part of the Advances in Intelligent and Soft Computing book series (AINSC, volume 55)

Abstract

Distributed Intrusion Detection Systems (DIDS) have been integrated with other techniques to incorporate some degree of adaptability. For instance, combining IDSs with intelligent techniques facilitates the automatic generation of new signatures, which allows such a hybrid approach to detect and prevent unknown attack patterns. Additionally, agent-based architectures offer capabilities such as autonomy, reactivity, pro-activity, mobility and rationality that are desirable in IDSs. This paper presents an intrusion detection and prevention model that integrates an intelligent multi-agent system. The knowledge model is designed and represented with ontological signatures, an ontology-based rule representation for intrusion detection and prevention, and event correlation.

Keywords

Multi-agent systems, Intrusion Prevention, Intrusion Detection Systems, Ontology, Intelligent Security, correlation alarms

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Gustavo A. Isaza (1)
  • Andrés G. Castillo (2)
  • Néstor D. Duque (3)

  1. Departamento de Sistemas e Informática, Universidad de Caldas, Manizales, Colombia
  2. Departamento de Lenguajes y Sistemas Informáticos e Ingeniería del Software, Universidad Pontificia de Salamanca, Madrid, Spain
  3. Departamento de Administración de Sistemas, Universidad Nacional de Colombia, Sede Manizales, Colombia