张宝军,潘雪增,王界兵,平玲娣

DOI: https://doi.org/10.3785/j.issn.1008-973X.2009.06.004

2009-01-01

Abstract:Real-time intrusion detection under current network environment exists the following problems: first, the scale of network is large, and a great deal of information needs to be processed, which requires large throughput to the intrusion detection system (IDS); second, the network environment is complex, and the data type is multiplex, accordantly, the intrusion detection system should has high accuracy. Aiming at these problems, a model of intrusion detection system was proposed. The model uses the distributed architecture based on multi-agent system and shows good expansibility, and can self-adjust according to the scale and bandwidth of network. The model uses technologies of anomaly intrusion detection and misuse intrusion detection together, and has low false alert rate and miss alert rate. Multi-attribute data abstraction is used in the model to grasp the feature of intrusion accurately and provide strong support for intrusion identification. The classifier is constructed with radial basis function (RBF) so as to have good extension to unknown intrusions, and can do effective judgment to unknown intrusions. Experimental results show that the system has large throughput and high accuracy, thus it is suitable for current network and has good practicability.

LIU Tong,WANG Ze-bing,FENG Yan

DOI: https://doi.org/10.3969/j.issn.1007-130x.2005.08.004

2005-01-01

Abstract:As the distributed intrusion becomes serious, the performance demand for distributed intrusion detection systems will be more and more important. In this paper, the concept of the Super-Peer intrusion detection model (SPIDM) is proposed. Furthermore, the technology of intelligent agent is implemented in this model. As a result, this efficient combination of distributed intrusion detection systems with the super-peer framework increases the system efficiency and collaboration, enhances the system openness, and thus improves the system performance as a whole.

Da-Wen Huang,Fengji Luo,Jichao Bi,Mingyang Sun

DOI: https://doi.org/10.1109/tifs.2022.3191491

IF: 7.231

2022-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Deploying Intrusion Detection Systems (IDSs) is an essential way to enhance the security of Multi-hop Clustered Wireless Sensor Networks (MCWSNs). The conventional IDS deployment architectural designs show limitations in ensuring the security of MCWSNs due to the limited monitoring range of the nodes. This paper proposes an efficient IDS deployment architecture for MCWSNs. The architecture is a hybrid design, in which the cluster heads and the sink collaboratively act as IDS agents to monitor the entire network and perform intrusion detection. Based on the new architecture, this paper proposes a resource allocation model to optimally allocate resources among the IDS agents so that the network’s security metric can be maximized. A comprehensive analytical framework is proposed to analyze the optimality of the model’s solution, and an efficient computational approach is developed to obtain the optimal resource allocation strategy. Extensive numerical simulation and comparison studies are conducted to validate the proposed method.

Chen Guanlin,Feng Yan,Wang Zebing

DOI: https://doi.org/10.3969/j.issn.1000-0801.2010.10.014

2010-01-01

Abstract:Nowadays wireless intrusion prevention systems have become the research hotspot with the fast development of WLAN.In this paper,we first introduce the common attack methods for WLAN,and then present the framework of the wireless IPS with a distributed pre-decision engine,which can predict the future actions and direct active responses to these actions.We implement an improved model with extended detection rules for conducting intrusion plan and making pre-decision,by gathering wireless device information and importing supporting degree of intrusion plan in plan recognition.Experimental results showed that the distributed pre-decision engine can not only improve wireless intrusion detection and prevention performance,also reduce false negatives and false positives evidently.

Baojun Zhang,Xuezeng Pan,Jiebing Wang

DOI: https://doi.org/10.1109/fskd.2007.348

2007-01-01

Abstract:The current network is complicated due to the high- throughput and the multiformity of actions. A hybrid intru- sion detection system (HIDSFCN) is proposed in this study to satisfy the current network. It combines the advantages of all kinds of IDS and put forwards our own solvents to those key problems in current research. Experiment results demonstrate that our HIDSFCN is of high performance and good practicability.

Yong-mei GAO,Ji-yi WU,Ling-di PING

DOI: https://doi.org/10.3969/j.issn.1673-629X.2009.08.039

2009-01-01

Abstract:Owing to many new characteristics such as central-less control and multi-hop communication,the security situation is more rigorous than that in the traditional Ad hoc network.Especially,when the number of nodes increase,the difficulty of building network,network availability and network security will be influenced badly.After the particular analysis of Sergio Marti's Watchdog and Pathrater arithmetic,intrusion detection system called SuperWatchdog,as the improved solution,was introduced to overcome the weakness of Watchdog.The main feature of the proposed system is its ability to discover malicious nodes which can partition the network by falsely reporting other nodes as misbehaving and then proceeds to protect the network.Simulation results show that our system decrease the overhead greatly,though it does not increase the throughput obviously.

Fei Yu,XiaoPing Dai,Yue Shen,Huang Huang,Miaoliang Zhu

DOI: https://doi.org/10.1109/ICSSSM.2005.1500110

2005-01-01

Abstract:The problem in network security presently is how to get real-time intrusion detection and alert. In the paper, we design Intrusion Detection System architecture and arithmetic again, meanwhile put forward an improved pattern matching arithmetic based on protocol analysis and theorization machine on Frete. New architecture can use network processor to collect and analyze data in network bottom, which enhance the speed and efficiency in Detection System.

WU Jun,WANG Chong-Jun,WANG Jun,CHEN Shi-Fu

DOI: https://doi.org/10.1109/WI-IATW.2006.61

2006-01-01

Abstract:At present, distributed intrusion detection systems are taking on more and more characteristic of distributing and intelligence. Multi-agent system (MAS), which shows its intelligence by the interaction of a group of intelligent agents, is a popular tool for building novel intrusion detection systems (IDSs). The BDI (belief-desire-intention) model is a well studied architecture of agency for intelligent agents situated in complex and dynamic environments. Traditional MAS-based distributed IDSs commonly do their detection work within a framework that employs the method of distributed data collection and hierarchical data analysis. This is a simple and strict method, but it restricts the characteristic of distributing, intelligence and real-time response badly. In this paper, we present a dynamically-created hierarchical framework, and then bring forward the basic algorithm system to support it. We introduce the opponent BDI model to our agents, and realize the detection based on multi-agent cooperation, which effectively improves the traditional distributed intrusion detection

TAN Min,HU Xiao-long,LIU Lian-chen

DOI: https://doi.org/10.16208/j.issn1000-7024.2008.07.055

2008-01-01

Abstract:In view of the weakness of current intrusion detection system and intrusion analysis method,a distributed fusing multi detection technology intrusion detection system model based on multi-Agent is brought forward.Apart from traditional analysis technology,file integrity analysis method based on mobile agent is added to the analysis Agent too.The model realizes the dist-ribution of intrusion detection,owns good scalability,improves the accuracy of intrusion detection,enhances the intrusion detection system's capability by using multi detection technology.So it can meet extensive security demand of the distributed network envi-ronment.

Ming-lei SHANG,Feng XU,Jing LU,Hao HUANG

DOI: https://doi.org/10.3969/j.issn.1000-1220.2005.09.015

2005-01-01

Abstract:To improve IDS'(Intrution Detection System) robustness in WAN,after analyzing several typical IDS models, MABDIDSM (Mobile Agent Based Distributed Intrusion Detection System Model) protecting from attack is presented in this paper. Mobile agent circles among the consoles in every LAN and collects intrusion events to manager center in MABDIDSM. These intrusion events are analyzed and processed in manager center.If manager center is paralyzed, mobile agent can elect new manager center from remainder consoles. Thus MABDIDSM is equipped with better capacity of protecting from attack in WAN.

Jaydip Sen

DOI: https://doi.org/10.48550/arXiv.1111.0382

2011-11-02

Cryptography and Security

Abstract:The current intrusion detection systems have a number of problems that limit their configurability, scalability and efficiency. There have been some propositions about distributed architectures based on multiple independent agents working collectively for intrusion detection. However, these distributed intrusion detection systems are not fully distributed as most of them centrally analyze data collected from distributed nodes which may lead to a single point of failure. In this paper, a distributed intrusion detection architecture is presented that is based on autonomous and cooperating agents without any centralized analysis components. The agents cooperate by using a hierarchical communication of interests and data, and the analysis of intrusion data is made by the agents at the lowest level of the hierarchy. This architecture provides significant advantages in scalability, flexibility, extensibility, fault tolerance, and resistance to compromise. A proof-of-concept prototype is developed and experiments have been conducted on it. The results show the effectiveness of the system in detecting intrusive activities.

段海新,吴建平

DOI: https://doi.org/10.13328/j.cnki.jos.2001.09.015

2001-01-01

Ruan Jian Xue Bao/Journal of Software

Abstract:An integrative taxonomy for intrusion detection technologies is proposed, which can specify accurately existing intrusion detection methods. Aiming at multiple-domain environments, a distributed cooperative intrusion detection system (DCIDS) is designed, which implements cooperative intrusion detection through efficient, secure information exchange among IDSes in different domain. The architecture of intrusion detection systems is described, as well as its four components: sensor, analyzer, manager and user-interface. Some key issues are also discussed, including secure communication and selection of detection places.

Yichi Zhang,Lingfeng Wang,Weiqing Sun,Robert C. Green,Mansoor Alam

DOI: https://doi.org/10.1109/tsg.2011.2159818

IF: 10.275

2011-01-01

IEEE Transactions on Smart Grid

Abstract:The advent of the smart grid promises to usher in an era that will bring intelligence, efficiency, and optimality to the power grid. Most of these changes will occur as an Internet-like communications network is superimposed on top of the current power grid using wireless mesh network technologies with the 802.15.4, 802.11, and WiMAX standards. Each of these will expose the power grid to cybersecurity threats. In order to address this issue, this work proposes a distributed intrusion detection system for smart grids (SGDIDS) by developing and deploying an intelligent module, the analyzing module (AM), in multiple layers of the smart grid. Multiple AMs will be embedded at each level of the smart grid-the home area networks (HANs), neighborhood area networks (NANs), and wide area networks (WANs)-where they will use the support vector machine (SVM) and artificial immune system (AIS) to detect and classify malicious data and possible cyberattacks. AMs at each level are trained using data that is relevant to their level and will also be able to communicate in order to improve detection. Simulation results demonstrate that this is a promising methodology for supporting the optimal communication routing and improving system security through the identification of malicious network traffic.

Jiaqi Li,Zhifeng Zhao,Rongpeng Li

DOI: https://doi.org/10.48550/arxiv.1708.04571

2017-01-01

Abstract:As an inevitable trend of future 5G networks, Software Defined architecture has many advantages in providing central- ized control and flexible resource management. But it is also confronted with various security challenges and potential threats with emerging services and technologies. As the focus of network security, Intrusion Detection Systems (IDS) are usually deployed separately without collaboration. They are also unable to detect novel attacks with limited intelligent abilities, which are hard to meet the needs of software defined 5G. In this paper, we propose an intelligent intrusion system taking the advances of software defined technology and artificial intelligence based on Software Defined 5G architecture. It flexibly combines security function mod- ules which are adaptively invoked under centralized management and control with a globle view. It can also deal with unknown intrusions by using machine learning algorithms. Evaluation results prove that the intelligent intrusion detection system achieves a better performance.

X Jin,YX Zhang,YY Wei

2004-01-01

Abstract:Intrusion Detection Systems (IDSs) for Mobile Ad hoc NETworks (MANETs) is becoming an exciting and important technology in very recent years, because the intrusion prevention techniques can not satisfy the security requirements in mission critical systems. Most existing IDSs for MANETs are focusing on the security vigor of the design but losing sight of the network performance aspect. In this paper we propose a cluster-based intrusion detection system for MANETs, which can rectify its detection level dynamically adapting to both the run-time resource constraints and the threat level of the network. Compared with the scheme that each node runs its own IDS, our proposed scheme is more efficient while maintaining the same level of detection rate. While compared with the common cluster-based IDS scheme, this scheme is more flexible when facing the emergent situations. Thus, our scheme effectively balances security strength and network performance in practice.

CAO Zhigang,WANG Shenkang

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.07.058

2005-01-01

Abstract:The framework model proposed in this paper is a distributed intrusion detecting system based on a tridimensional agent.The framework is an open system, which has good scalability. It adopts a central controlling module and a detecting module for side-by-side agent, which can dependently control and process. It also can track in and note the intrusing data, then test it. The state-checking mechanism and policy of authentication in this model ensure the security of the agents themselves and the communication among them.

Yichi Zhang,Lingfeng Wang,Weiqing Sun,Robert C. Green,Mansoor Alam

DOI: https://doi.org/10.1109/PES.2011.6039697

2011-01-01

Abstract:The advent of the smart grid promises to usher in an era that will bring intelligence, efficiency, and optimality to the power grid. Most of these changes will occur as an Internet-like communications network is superimposed on top of the current power grid using wireless technologies including 802.15.4, 802.11, and the Zigbee protocol. Each of these will expose the power grid to cyber security threats. In order to address this issue, this work proposes a Distributed Intrusion Detection System for Smart Grids (SGDIDS) by developing and deploying an intelligent module, the Analyzing Module (AM) in the multiple layers of smart grids. Multiple AMs will be embedded at each level of the smart grid - the home area network (HAN), neighborhood area network (NAN), and the Wide Area Network (WAN) - where they will use Artificial Immune System (AIS) to detect and classify malicious data and possible cyber attacks. AMs at each level will be trained using data that is relevant to their level and will also be able to communicate in order to improve detection. Simulation results demonstrate that this is a promising methodology for identifying malicious network traffic and improving system security.

Dong Yongle,Qian Jun,Shi Meilin

DOI: https://doi.org/10.1109/CCECE.2003.1226031

2003-01-01

Abstract:Widespread attacks involving multiple hosts/networks happen more frequently as internetworking among computer systems via the Internet becomes more widely and keeps rapid increase. Due to lack of information, it can be quite difficult for conventional intrusion detection systems to identify such attacks in progress. Cooperative intrusion detection, on the basis of information sharing, is proved as a necessary measure to detect widespread attacks by other researcher D. Frincke (2000), Polla, D. et al., (1998). This paper presents a cooperative approach for intrusion detection that provides a method for individual ID components working cooperatively to perform concerted detections. Being constructed on the basis of ID components, CoIDS can adopt both existed (usually more mature) and new ID techniques. This makes CoIDS extensible and scalable. In addition, an ID component is essentially an autonomous agent, which makes CoIDS available with certain loss of functionality even when the intrusion detection manager does not work. Its reliability is also improved because failure of one ID component will not cause any other to stop working. Furthermore, it improved the accuracy of detection for conventional intrusions by validating analysis result with data from different ID components.

Peng Ning,Sushil Jajodia,Xiaoyang Sean Wang

DOI: https://doi.org/10.1145/503339.503342

2001-01-01

ACM Transactions on Information and System Security

Abstract:Abstraction is an important issue in intrusion detection, since it not only hides the difference between heterogeneous systems, but also allows generic intrusion-detection models. However, abstraction is an error-prone process and is not well supported in current intrusion-detection systems (IDSs). This article presents a hierarchical model to support attack specification and event abstraction in distributed intrusion detection. The model involves three concepts: system view , signature , and view definition . A system view provides an abstract interface of a particular type of information; defined on the instances of system views, a signature specifies certain distributed attacks or events to be monitored; a view definition is then used to derive information from the matches of a signature and presents it through a system view. With the three elements, the model provides a hierarchical framework for maintaining signatures, system views, as well as event abstraction. As a benefit, the model allows generic signatures that can accommodate unknown variants of known attacks. Moreover, abstraction represented by a system view can be updated without changing either its specification or the signatures specified on its basis. This article then presents a decentralized method for autonomous but cooperative component systems to detect distributed attacks specified by signatures. Specifically, a signature is decomposed into finer units, called detection tasks , each of which represents the activity to be monitored on a component system. The component systems (involved in a signature) then perform the detection tasks cooperatively according to the "dependency" relationships among these tasks. An experimental system called CARDS has been implemented to test the feasibility of the proposed approach.

Shi Qingsong,Chen Du,Nan Zhang,Jijun Ma,Tianzhou Chen

DOI: https://doi.org/10.1109/sec.2008.16

2008-01-01

Abstract:Security of embedded systems is becoming more and more important. IDS (instrusion detection system) has been designed to protect systems from being compromised by network attacks. A lot of researches have been done on it. However, most of them focus on complex and time-consuming detection methods to improve accuracy of the system, with assumption that IDS is running under control of general purpose operating systems (GPOS). In this way, the IDS itself will depress overall performance and cannot be guaranteed secure. In this paper, we present an embedded architecture of SPMOS-based IDS. SPMOS, located in SPM, is a little OS running under GPOS. Experiment results show that the architecture is fast. Based on this, we also design a simple IDS and conduct tests by integrating it into SPMOS and GPOS. The former consumes the latter's 8.3% time only, with less than 6.2% overhead, which verifies the architecture proposed is practical and efficient.