A Snort-based agent for a JADE multi-agent intrusion detection system

Authors:
E. Mosqueira-Rey;A. Alonso-Betanzos;B. Guijarro-Berdinas;D. Alonso-Rios;J. Lago-Pineiro
Affiliations:
Department of Computer Science, University of A Coruna, Campus de Elvina, A Coruna, 15071, Spain.;Department of Computer Science, University of A Coruna, Campus de Elvina, A Coruna, 15071, Spain.;Department of Computer Science, University of A Coruna, Campus de Elvina, A Coruna, 15071, Spain.;Department of Computer Science, University of A Coruna, Campus de Elvina, A Coruna, 15071, Spain.;Department of Computer Science, University of A Coruna, Campus de Elvina, A Coruna, 15071, Spain
Venue:
International Journal of Intelligent Information and Database Systems
Year:
2009

Citing 6
Cited 1

Intrusion detection using autonomous agents

Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
Lightweight agents for intrusion detection

Journal of Systems and Software
Distributed Hybrid Agent Based Intrusion Detection and Real Time Response System

BROADNETS '04 Proceedings of the First International Conference on Broadband Networks
DIDMA: A Distributed Intrusion Detection System Using Mobile Agents

SNPD-SAWN '05 Proceedings of the Sixth International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing and First ACIS International Workshop on Self-Assembling Wireless Networks
Network intrusion detection through Adaptive Sub-Eigenspace Modeling in multiagent systems

ACM Transactions on Autonomous and Adaptive Systems (TAAS)
A new learning method for single layer neural networks based on a regularized cost function

IWANN'03 Proceedings of the Artificial and natural neural networks 7th international conference on Computational methods in neural modeling - Volume 1

Towards a multiagent-based distributed intrusion detection system using data mining approaches

ADMI'11 Proceedings of the 7th international conference on Agents and Data Mining Interaction

Quantified Score

Hi-index	0.00

Visualization

Abstract

We describe the design of a misuse detection agent, one of the distinct agents in a multi-agent-based intrusion detection system. This system is being implemented in JADE, a well-known multi-agent platform based in Java. The agent analyses the packets in the network connections using a packet sniffer and then creates a data model based on the information obtained. This data model is the input to a rule-based inference engine agent, which uses the Rete algorithm for pattern matching and the rules of the signature-based intrusion detection system, Snort. Specifically, an implementation in Java language – the Drools-JBoss Rules – was used and a parser was implemented that converts Snort rules into Drools rules. The use of object-oriented techniques, together with design patterns, means that the agent is flexible, easily configurable and extensible.