Multisensor Agent Based Intrusion Detection

Authors: Richard A. Wasniowski

Abstract:

In this paper we propose a framework for multisensor intrusion detection called the Fuzzy Agent-Based Intrusion Detection System. A unique feature of this model is that the agent uses data from multiple sensors and fuzzy logic to process log files. Use of this feature reduces the overhead in a distributed intrusion detection system. We have developed an agent communication architecture that provides a prototype implementation. This paper also discusses the issues of combining intelligent agent technology with the intrusion detection domain.

Keywords: Intrusion detection, fuzzy logic, agents, network security.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1058091

