Bot detection evasion: a case study on local-host alert correlation bot detection methods
Security and Communication Networks
In this paper, we present a model, an architecture and an implementation of a Remote IDS (Intrusion Detection System) built on Multi-agent Systems, Web Services and MDA (Model-Driven Architecture). This model adapts and extends NIDIA (Network Intrusion Detection System based on Intelligent Agents) to provide a remote IDS on the Internet. The aim is to let users who do not have a local IDS use the services provided by our remote IDS. NIDIA is an IDS whose architecture consists of a set of cooperative agents. The IDS functionalities are exposed on the Internet as a set of services accessible through Web Services. The architecture of our IDS uses MDA to support the management of metadata such as profiles of machines, profiles of users and profiles of services. An illustrative example demonstrates our IDS.