C4.5: programs for machine learning
C4.5: programs for machine learning
NADIR: an automated system for detecting network intrusion and misuse
Computers and Security
LOF: identifying density-based local outliers
SIGMOD '00 Proceedings of the 2000 ACM SIGMOD international conference on Management of data
Intrusion detection using autonomous agents
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
A framework for constructing features and models for intrusion detection systems
ACM Transactions on Information and System Security (TISSEC)
Rethinking the design of the Internet: the end-to-end arguments vs. the brave new world
ACM Transactions on Internet Technology (TOIT)
The state of the art in agent communication languages
Knowledge and Information Systems
Feature Extraction, Construction and Selection: A Data Mining Perspective
Feature Extraction, Construction and Selection: A Data Mining Perspective
A Social Semantics for Agent Communication Languages
Issues in Agent Communication
Lightweight agents for intrusion detection
Journal of Systems and Software
Distributed Hybrid Agent Based Intrusion Detection and Real Time Response System
BROADNETS '04 Proceedings of the First International Conference on Broadband Networks
DIDMA: A Distributed Intrusion Detection System Using Mobile Agents
SNPD-SAWN '05 Proceedings of the Sixth International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing and First ACIS International Workshop on Self-Assembling Wireless Networks
SUTC '06 Proceedings of the IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing -Vol 1 (SUTC'06) - Volume 01
Inferring internet denial-of-service activity
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Active feature selection using classes
PAKDD'03 Proceedings of the 7th Pacific-Asia conference on Advances in knowledge discovery and data mining
Intrusion detection techniques and approaches
Computer Communications
Autonomous decision on intrusion detection with trained BDI agents
Computer Communications
Trust-Based Classifier Combination for Network Anomaly Detection
CIA '08 Proceedings of the 12th international workshop on Cooperative Information Agents XII
Engineering of Software-Intensive Systems: State of the Art and Research Challenges
Software-Intensive Systems and New Computing Paradigms
A Snort-based agent for a JADE multi-agent intrusion detection system
International Journal of Intelligent Information and Database Systems
Intelligent network security assessment with modeling and analysis of attack patterns
Security and Communication Networks
Hi-index | 0.00 |
Recently, network security has become an extremely vital issue that beckons the development of accurate and efficient solutions capable of effectively defending our network systems and the valuable information journeying through them. In this article, a distributed multiagent intrusion detection system (IDS) architecture is proposed, which attempts to provide an accurate and lightweight solution to network intrusion detection by tackling issues associated with the design of a distributed multiagent system, such as poor system scalability and the requirements of excessive processing power and memory storage. The proposed IDS architecture consists of (i) the Host layer with lightweight host agents that perform anomaly detection in network connections to their respective hosts, and (ii) the Classification layer whose main functions are to perform misuse detection for the host agents, detect distributed attacks, and disseminate network security status information to the whole network. The intrusion detection task is achieved through the employment of the lightweight Adaptive Sub-Eigenspace Modeling (ASEM)-based anomaly and misuse detection schemes. Promising experimental results indicate that ASEM-based schemes outperform the KNN and LOF algorithms, with high detection rates and low false alarm rates in the anomaly detection task, and outperform several well-known supervised classification methods such as C4.5 Decision Tree, SVM, NN, KNN, Logistic, and Decision Table (DT) in the misuse detection task. To assess the performance in a real-world scenario, the Relative Assumption Model, feature extraction techniques, and common network attack generation tools are employed to generate normal and anomalous traffic in a private LAN testbed. Furthermore, the scalability performance of the proposed IDS architecture is investigated through the simulation of the proposed agent communication scheme, and satisfactory linear relationships for both degradation of system response time and agent communication generated network traffic overhead are achieved.