
Multiagent Systems for Network Intrusion Detection: A Review

  • Conference paper
Computational Intelligence in Security for Information Systems

Part of the book series: Advances in Intelligent and Soft Computing (AINSC, volume 63)

Abstract

Intrusion Detection Systems (IDSs) are increasingly seen as an important component of comprehensive security solutions. IDSs are therefore common elements in modern infrastructures, where they help enforce network policies. Many techniques have been applied to the detection of intrusions so far, as reported in many surveys. This work focuses on the development of network-based IDSs from an architectural point of view, in which multiagent systems are applied to the development of IDSs, and presents an up-to-date review of the state of the art.




Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Herrero, Á., Corchado, E. (2009). Multiagent Systems for Network Intrusion Detection: A Review. In: Herrero, Á., Gastaldo, P., Zunino, R., Corchado, E. (eds) Computational Intelligence in Security for Information Systems. Advances in Intelligent and Soft Computing, vol 63. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04091-7_18


  • DOI: https://doi.org/10.1007/978-3-642-04091-7_18

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04090-0

  • Online ISBN: 978-3-642-04091-7

  • eBook Packages: Engineering, Engineering (R0)
