Characterization of network-wide anomalies in traffic flows
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Review on Computational Trust and Reputation Models
Artificial Intelligence Review
Mining anomalies using traffic feature distributions
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Trust Model for Open Ubiquitous Agent Systems
IAT '05 Proceedings of the IEEE/WIC/ACM International Conference on Intelligent Agent Technology
Impact of packet sampling on anomaly detection metrics
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Is sampled data sufficient for anomaly detection?
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Representing Context for Multiagent Trust Modeling
IAT '06 Proceedings of the IEEE/WIC/ACM international conference on Intelligent Agent Technology
Reducing unwanted traffic in a backbone network
SRUTI'05 Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop
Trust Modeling with Context Representation and Generalized Identities
CIA '07 Proceedings of the 11th international workshop on Cooperative Information Agents XI
An orchestration approach for unwanted Internet traffic identification
Computer Networks: The International Journal of Computer and Telecommunications Networking
Review: A survey of network flow applications
Journal of Network and Computer Applications
Hi-index | 0.00 |
We present a multi-agent system designed to detect malicious traffic in high-speed networks. In order to match the performance requirements related to the traffic volume, the network traffic data is acquired by hardware accelerated probes in NetFlow format and preprocessed before processing by the detection agent. The proposed detection algorithm is based on extension of trust modeling techniques with representation of uncertain identities, context representation and implicit assumption that significant traffic anomalies are a result of potentially malicious action. In order to model the traffic, each of the cooperating agents uses an existing anomaly detection method, that are then correlated using a reputation mechanism. The output of the detection layer is presented to operator by a dedicated analyst interface agent, which retrieves additional information to facilitate incident analysis. Our performance results illustrate the potential of the combination of high-speed hardware with cooperative detection algorithms and advanced analyst interface.