Publication details

Agent-Based Network Intrusion Detection System

Authors

KRMÍČEK Vojtěch ČELEDA Pavel REHÁK Martin PĚCHOUČEK Michal

Year of publication 2007
Type Article in Proceedings
Conference Intelligent Agent Technology
MU Faculty or unit

Faculty of Informatics

Citation
Web http://doi.ieeecomputersociety.org/10.1109/IAT.2007.26
Field Informatics
Keywords agent system; intrusion detection; network intrusion detection system
Description The paper presents a security platform based on agents as an efficient and robust solution for a high-performance intrusion detection system designed for deployment on high-speed network links. The proposed detection algorithm is based on an extension of trust modeling techniques with representation of uncertain identities, context representation and the implicit assumption that significant traffic anomalies are a result of potentially malicious action. Heterogeneous anomaly detection methods are used by cooperating agents and then correlated using a reputation mechanism. To satisfy the performance requirements, the wire-speed data acquisition layer is based on hardware-accelerated NetFlow probes that provide an overview of current network traffic. The output of the multi-agent detection layer is presented to the operator by a dedicated analyst interface agent, which retrieves additional information to facilitate incident analysis. Our performance results illustrate the potential of the combination of high-speed hardware with agent-based detection and an advanced analyst interface.
Related projects:
