In security environments, many complicated and interrelated software elements, such as firewalls, network scanners, event distributors and authentication tools, should work cooperatively. The proposed model consists of a Multiagent Intrusion Detection System (MIDS) for gathering attack information. It provides a software environment that supports a generalization/specialization process in order to accomplish attack abstraction. The model is designed to detect attacks involving several protocols, such as Port Activity, SMTP, HTTP, and FTP. The system changes can be obtained by applying an appropriate security auditing policy. MIDS includes four agents: 1) Signature Agent (SA), 2) Network Events Agent (NEA), 3) Vulnerability Scan Agent (VSA) and 4) Intrusion Detection Agent (IDA). These agents run on each host to be monitored.