Attack abstraction using a multiagent system for intrusion detection

Authors:
M. Zaki;Tarek S. Sobh
Affiliations:
Computer and System Engineering Department, AL-Azhar University, Nasr City, Cairo, Egypt;Information System Department, Egyptian Armed Forces, Cairo, Egypt
Venue:
Journal of Intelligent & Fuzzy Systems: Applications in Engineering and Technology
Year:
2005

Citing 9
Cited 2

Abstraction-based intrusion detection in distributed environments

ACM Transactions on Information and System Security (TISSEC)
Interactive Analysis of Computer Crimes

Computer
CARDS: A Distributed System for Detecting Coordinated Attacks

Proceedings of the IFIP TC11 Fifteenth Annual Working Conference on Information Security for Global Information Infrastructures
Abstraction-Based Misuse Detection: High-Level Specifications and Adaptable Strategies

CSFW '98 Proceedings of the 11th IEEE workshop on Computer Security Foundations
Clustering intrusion detection alarms to support root cause analysis

ACM Transactions on Information and System Security (TISSEC)
Intrusion Detection: A Bioinformatics Approach

ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
Analyzing Distributed Denial of Service Tools: The Shaft Case

LISA '00 Proceedings of the 14th USENIX conference on System administration
Intrusion detection with mobile agents

Computer Communications
Design and implementation of a decentralized prototype system for detecting distributed attacks

Computer Communications

Distributed architecture for intrusion detection system based on multi-softman

WiCOM'09 Proceedings of the 5th International Conference on Wireless communications, networking and mobile computing
Active noise control system via multi-agent credit assignment

Journal of Intelligent & Fuzzy Systems: Applications in Engineering and Technology

Quantified Score

Hi-index	0.00

Visualization

Abstract

In security environments many complicated and interrelated software elements, such as firewalls, network scanners, event distributors and authentication tools, should work cooperatively. The proposed model consists of Multiagent Intrusion Detection System (MIDS) for gathering attack information. It provides a software environment that can afford a generalization/specialization process in order to accomplish attack abstraction. Such a model is designed to detect attacks of several protocols, such as Port Activity, SMTP, HTTP, and FTP. The system changes can be obtained by applying an appropriate security auditing policy. As such MIDS includes four agents; 1) Signature Agent (SA), 2) Network Events Agent (NEA), 3) Vulnerability Scan Agent (VSA) and 4) Intrusion Detection Agent (IDA). These agents are running on each host to be monitored.