High-Performance Agent System for Intrusion Detection in Backbone Networks

Authors:
Martin Rehák;Michal Pěchouček;Pavel Čeleda;Vojtěch Krmíček;Jiří Moninec;Tomáš Dymáček;David Medvigy
Affiliations:
Department of Cybernetics and Center for Applied Cybernetics, Faculty of Electrical Engineering, Czech Technical University in Prague, Technická 2, 166 27 Prague, Czech Republic;Department of Cybernetics and Center for Applied Cybernetics, Faculty of Electrical Engineering, Czech Technical University in Prague, Technická 2, 166 27 Prague, Czech Republic;Institute of Computer Science, Masaryk University, Botanická 68a, 602 00 Brno, Czech Republic;Institute of Computer Science, Masaryk University, Botanická 68a, 602 00 Brno, Czech Republic;Institute of Computer Science, Masaryk University, Botanická 68a, 602 00 Brno, Czech Republic;Institute of Computer Science, Masaryk University, Botanická 68a, 602 00 Brno, Czech Republic;Department of Cybernetics and Center for Applied Cybernetics, Faculty of Electrical Engineering, Czech Technical University in Prague, Technická 2, 166 27 Prague, Czech Republic
Venue:
CIA '07 Proceedings of the 11th international workshop on Cooperative Information Agents XI
Year:
2007

Citing 12
Cited 1

Network Intrusion Detection: An Analyst's Handbook

Network Intrusion Detection: An Analyst's Handbook
Diagnosing network-wide traffic anomalies

Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Characterization of network-wide anomalies in traffic flows

Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Review on Computational Trust and Reputation Models

Artificial Intelligence Review
Mining anomalies using traffic feature distributions

Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Trust Model for Open Ubiquitous Agent Systems

IAT '05 Proceedings of the IEEE/WIC/ACM International Conference on Intelligent Agent Technology
Countering Network Worms Through Automatic Patch Generation

IEEE Security and Privacy
Impact of packet sampling on anomaly detection metrics

Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Is sampled data sufficient for anomaly detection?

Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Representing Context for Multiagent Trust Modeling

IAT '06 Proceedings of the IEEE/WIC/ACM international conference on Intelligent Agent Technology
Reducing unwanted traffic in a backbone network

SRUTI'05 Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop
Guest Editors' Introduction: Human-Centered Computing--Toward a Human Revolution

Computer

Trust-Based Classifier Combination for Network Anomaly Detection

CIA '08 Proceedings of the 12th international workshop on Cooperative Information Agents XII

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper presents a design of high-performance agent-based intrusion detection system designed for deployment on high-speed network links. To match the speed requirements, wire-speed data acquisition layer is based on hardware-accelerated NetFlow like probe, which provides overview of current network traffic. The data is then processed by detection agents that use heterogenous anomaly detection methods. These methods are correlated by means of trust and reputation models, and the conclusions regarding the maliciousness of individual network flows is presented to the operator via one or more analysis agents, that automatically gather supplementary information about the potentially malicious traffic from remote data sources such as DNS, whois or router configurations. Presented system is designed to help the network operators efficiently identify malicious flows by automating most of the surveillance process.