Temporal sequence learning and data reduction for anomaly detection
ACM Transactions on Information and System Security (TISSEC)
Towards a taxonomy of intrusion-detection systems
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on computer network security
Bro: a system for detecting network intruders in real-time
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
IEEE Network: The Magazine of Global Internetworking
An intelligent method to block e-mail bombs
Applied Intelligence
DSS for computer security incident response applying CBR and collaborative response
Expert Systems with Applications: An International Journal
Model-driven engineering techniques for the development of multi-agent systems
Engineering Applications of Artificial Intelligence
Building an intrusion detection system based on support vector machine and genetic algorithm
ISNN'05 Proceedings of the Second international conference on Advances in Neural Networks - Volume Part III
| Hi-index | 0.25 |
In this paper we describe the development and testing of an agent-based intrusion detection system for Linux platform. We take a dual-approach to intrusion detection: pre-emptory and reactionary. With the pre-emptory approach, a network-based agent is implemented to monitor all packets entering the network and detect a known attack-based on a pre-defined rule. The reactionary approach is realized through a separate host-based agent to routinely check specific log files in order to detect system anomalies caused by successful attacks. Once a possible intrusion attempt has been detected by either one of the agents, it attempts to block the attack, records the attack details in a system log file, E-mails the system administrator, displays a warning through a graphical warning window. The agents operate in the background of user applications and system software without any noticeable performance effect on them.