A Distributed Agent-Based Approach to Intrusion Detection Using the Lightweight PCC Anomaly Detection Classifier

  • Authors:

  • Zongxing Xie;Thiago Quirino;Mei-Ling Shyu;Shu-Ching Chen;LiWu Chang

  • Affiliations:

  • University of Miami, Coral Gables, FL 33124, USA;University of Miami, Coral Gables, FL 33124, USA;University of Miami, Coral Gables, FL 33124, USA;Florida International University, Miami;Naval Research Laboratory, Washington, DC

  • Venue:
  • SUTC '06 Proceedings of the IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing -Vol 1 (SUTC'06) - Volume 01
  • Year:
  • 2006

Quantified Score

Hi-index 0.01

Visualization

Abstract

In this paper, a novel agent-based distributed intrusion detection system (IDS) is proposed, which integrates the desirable features provided by the distributed agent-based design methodology with the high accuracy and speed response of the Principal Component Classifier (PCC). Experimental results have shown that the PCC lightweight anomaly detection classifier outperforms other existing anomaly detection algorithms such as the KNN and LOF classifiers. In order to assess the performance of the PCC classifier on a real network environment, the Relative Assumption Model together with feature extraction techniques are used to generate normal and anomalous traffic in a LAN testbed. Finally, scalability and response performance of the proposed system are investigated through the simulation of the proposed communication architecture. The simulation results demonstrate a satisfactory linear relationship between the degradation of response performance and the scalability of the system.