We present a prototype of an agent-based intrusion detection system designed for deployment on high-speed backbone networks. The main contribution of the system is the integration of several anomaly detection techniques by means of collective trust modeling within a group of collaborative detection agents, each featuring a specific detection algorithm. The anomalies are used as input for the trust modeling. In this stage, each agent determines the flow trustfulness from aggregated anomalies. The aggregation is performed by extended trust models that model the trustfulness of generalized situated identities, represented by a set of observable features. The system is based on traffic statistics in NetFlow format acquired by dedicated hardware-accelerated network cards, and is able to perform real-time surveillance of gigabit networks.