Collaborative Attack Detection in High-Speed Networks

Authors:
Martin Rehák;Michal Pěchouček;Pavel Čeleda;Vojtěch Krmíček;Pavel Minařík;David Medvigy
Affiliations:
Center for Applied Cybernetics, Faculty of Electrical Engineering,;Department of Cybernetics, Faculty of Electrical Engineering, Czech Technical University in Prague Technická 2, 166 27 Prague, Czech Republic;Institute of Computer Science, Masaryk University, Botanická 68a, 602 00 Brno, Czech Republic;Institute of Computer Science, Masaryk University, Botanická 68a, 602 00 Brno, Czech Republic;Institute of Computer Science, Masaryk University, Botanická 68a, 602 00 Brno, Czech Republic;Department of Cybernetics, Faculty of Electrical Engineering, Czech Technical University in Prague Technická 2, 166 27 Prague, Czech Republic
Venue:
CEEMAS '07 Proceedings of the 5th international Central and Eastern European conference on Multi-Agent Systems and Applications V
Year:
2007

Citing 9
Cited 2

Characterization of network-wide anomalies in traffic flows

Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Review on Computational Trust and Reputation Models

Artificial Intelligence Review
Mining anomalies using traffic feature distributions

Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Trust Model for Open Ubiquitous Agent Systems

IAT '05 Proceedings of the IEEE/WIC/ACM International Conference on Intelligent Agent Technology
Impact of packet sampling on anomaly detection metrics

Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Is sampled data sufficient for anomaly detection?

Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Representing Context for Multiagent Trust Modeling

IAT '06 Proceedings of the IEEE/WIC/ACM international conference on Intelligent Agent Technology
Reducing unwanted traffic in a backbone network

SRUTI'05 Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop
Trust Modeling with Context Representation and Generalized Identities

CIA '07 Proceedings of the 11th international workshop on Cooperative Information Agents XI

An orchestration approach for unwanted Internet traffic identification

Computer Networks: The International Journal of Computer and Telecommunications Networking
Review: A survey of network flow applications

Journal of Network and Computer Applications

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present a multi-agent system designed to detect malicious traffic in high-speed networks. In order to match the performance requirements related to the traffic volume, the network traffic data is acquired by hardware accelerated probes in NetFlow format and preprocessed before processing by the detection agent. The proposed detection algorithm is based on extension of trust modeling techniques with representation of uncertain identities, context representation and implicit assumption that significant traffic anomalies are a result of potentially malicious action. In order to model the traffic, each of the cooperating agents uses an existing anomaly detection method, that are then correlated using a reputation mechanism. The output of the detection layer is presented to operator by a dedicated analyst interface agent, which retrieves additional information to facilitate incident analysis. Our performance results illustrate the potential of the combination of high-speed hardware with cooperative detection algorithms and advanced analyst interface.