CAMNEP: agent-based network intrusion detection system

Authors:
Martin Rehak;Michal Pechoucek;Pavel Celeda;Jiri Novotny;Pavel Minarik
Affiliations:
Czech Technical University in Prague;Czech Technical University in Prague;ICS, Masaryk University;Masaryk University;ICS, Masaryk University
Venue:
Proceedings of the 7th international joint conference on Autonomous agents and multiagent systems: industrial track
Year:
2008

Citing 8
Cited 2

An Intrusion-Detection Model

IEEE Transactions on Software Engineering - Special issue on computer security and privacy
Network Intrusion Detection: An Analyst's Handbook

Network Intrusion Detection: An Analyst's Handbook
Diagnosing network-wide traffic anomalies

Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Review on Computational Trust and Reputation Models

Artificial Intelligence Review
Mining anomalies using traffic feature distributions

Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Reducing unwanted traffic in a backbone network

SRUTI'05 Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop
Network Intrusion Detection by Means of Community of Trusting Agents

IAT '07 Proceedings of the 2007 IEEE/WIC/ACM International Conference on Intelligent Agent Technology
SP 800-94. Guide to Intrusion Detection and Prevention Systems (IDPS)

SP 800-94. Guide to Intrusion Detection and Prevention Systems (IDPS)

Effective multimodel anomaly detection using cooperative negotiation

GameSec'10 Proceedings of the First international conference on Decision and game theory for security
Towards a multiagent-based distributed intrusion detection system using data mining approaches

ADMI'11 Proceedings of the 7th international conference on Agents and Data Mining Interaction

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present a prototype of agent-based intrusion detection system designed for deployment on high-speed backbone networks. The main contribution of the system is the integration of several anomaly detection techniques by means of collective trust modeling within a group of collaborative detection agents, each featuring a specific detection algorithm. The anomalies are used as an input for the trust modeling. In this stage, each agent determines the flow trustfulness from aggregated anomalies. The aggregation is performed by extended trust models that model the trustfulness of generalized situated identities, represented by a set of observable features. The system is based on traffic statistics in NetFlow format acquired by dedicated hardware-accelerated network cards, and is able to perform a real-time surveillance of the gigabit networks.