You are here:
Publication details
Agent-Based Network Intrusion Detection System
Authors | |
---|---|
Year of publication | 2007 |
Type | Article in Proceedings |
Conference | Intelligent Agent Technology |
MU Faculty or unit | |
Citation | |
Web | http://doi.ieeecomputersociety.org/10.1109/IAT.2007.26 |
Field | Informatics |
Keywords | agent system; intrusion detection; network intrusion detection system |
Description | The paper presents security platform based on agents as an efficient and robust solution for high-performance intrusion detection system designed for deployment on highspeed network links. The proposed detection algorithm is based on extension of trust modeling techniques with representation of uncertain identities, context representation and implicit assumption that significant traffic anomalies are a result of potentially malicious action. The heterogeneous anomaly detection methods are used by cooperating agents and then correlated using a reputation mechanism. To satisfy the performance requirements, wire-speed data acquisition layer is based on hardware-accelerated Net-Flow probes that provide overview of current network traffic. The output of multi-agent detection layer is presented to operator by a dedicated analyst interface agent, which retrieves additional information to facilitate incident analysis. Our performance results illustrate the potential of combination of high-speed hardware with agents-based detection and advanced analyst interface. |
Related projects: |