Abstract
Increasingly, Intrusion Detection Systems (IDSs) are seen as an important component of comprehensive security solutions. Thus, IDSs are common elements in modern infrastructures for enforcing network policies. So far, plenty of techniques have been applied to the detection of intrusions, as reported in many surveys. This work focuses on the development of network-based IDSs from an architectural point of view, in which multiagent systems are applied to the development of IDSs, and presents an up-to-date review of the state of the art.
© 2009 Springer-Verlag Berlin Heidelberg
Cite this paper
Herrero, Á., Corchado, E. (2009). Multiagent Systems for Network Intrusion Detection: A Review. In: Herrero, Á., Gastaldo, P., Zunino, R., Corchado, E. (eds) Computational Intelligence in Security for Information Systems. Advances in Intelligent and Soft Computing, vol 63. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04091-7_18
DOI: https://doi.org/10.1007/978-3-642-04091-7_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04090-0
Online ISBN: 978-3-642-04091-7
eBook Packages: Engineering, Engineering (R0)