张宝军,潘雪增,王界兵,平玲娣

DOI: https://doi.org/10.3785/j.issn.1008-973X.2009.06.004

2009-01-01

Abstract:Real-time intrusion detection under current network environment exists the following problems: first, the scale of network is large, and a great deal of information needs to be processed, which requires large throughput to the intrusion detection system (IDS); second, the network environment is complex, and the data type is multiplex, accordantly, the intrusion detection system should has high accuracy. Aiming at these problems, a model of intrusion detection system was proposed. The model uses the distributed architecture based on multi-agent system and shows good expansibility, and can self-adjust according to the scale and bandwidth of network. The model uses technologies of anomaly intrusion detection and misuse intrusion detection together, and has low false alert rate and miss alert rate. Multi-attribute data abstraction is used in the model to grasp the feature of intrusion accurately and provide strong support for intrusion identification. The classifier is constructed with radial basis function (RBF) so as to have good extension to unknown intrusions, and can do effective judgment to unknown intrusions. Experimental results show that the system has large throughput and high accuracy, thus it is suitable for current network and has good practicability.

Baojun Zhang,Xuezeng Pan,Jiebing Wang

DOI: https://doi.org/10.1109/fskd.2007.348

2007-01-01

Abstract:The current network is complicated due to the high- throughput and the multiformity of actions. A hybrid intru- sion detection system (HIDSFCN) is proposed in this study to satisfy the current network. It combines the advantages of all kinds of IDS and put forwards our own solvents to those key problems in current research. Experiment results demonstrate that our HIDSFCN is of high performance and good practicability.

Chen Min

2002-01-01

Abstract:In recent years, intrusion detection systems, being the important part of the information security system, have gained extensive attentions. Many different intrusion detection technologies come into being. This paper presents an architecture of Intrusion Detection Systems (IDS) based on autonomous agents. The distributed architecture paves the way in that IDSes can avoid the single point failure of the distributed systems, balance the system load and improve the efficiency, to meet the requirements of modern computer and network technologies.

Da-Wen Huang,Fengji Luo,Jichao Bi,Mingyang Sun

DOI: https://doi.org/10.1109/tifs.2022.3191491

IF: 7.231

2022-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Deploying Intrusion Detection Systems (IDSs) is an essential way to enhance the security of Multi-hop Clustered Wireless Sensor Networks (MCWSNs). The conventional IDS deployment architectural designs show limitations in ensuring the security of MCWSNs due to the limited monitoring range of the nodes. This paper proposes an efficient IDS deployment architecture for MCWSNs. The architecture is a hybrid design, in which the cluster heads and the sink collaboratively act as IDS agents to monitor the entire network and perform intrusion detection. Based on the new architecture, this paper proposes a resource allocation model to optimally allocate resources among the IDS agents so that the network’s security metric can be maximized. A comprehensive analytical framework is proposed to analyze the optimality of the model’s solution, and an efficient computational approach is developed to obtain the optimal resource allocation strategy. Extensive numerical simulation and comparison studies are conducted to validate the proposed method.

DING Guo-liang,WANG Xi-wu,CHEN Kai-yan,WANG Jia-zhen

DOI: https://doi.org/10.3969/j.issn.1001-9383.2006.01.004

2006-01-01

Abstract:The problems of existing Intrusion detection system(IDS)is analyzed,a kind of distributed architecture of uniting the level and equal structures,is put forward,and the realizations of detection agent and communication protocol are given.The experiments proves this the system may carry out intrusion detection under distributed net- work environment.

WU Jun,WANG Chong-Jun,WANG Jun,CHEN Shi-Fu

DOI: https://doi.org/10.1109/WI-IATW.2006.61

2006-01-01

Abstract:At present, distributed intrusion detection systems are taking on more and more characteristic of distributing and intelligence. Multi-agent system (MAS), which shows its intelligence by the interaction of a group of intelligent agents, is a popular tool for building novel intrusion detection systems (IDSs). The BDI (belief-desire-intention) model is a well studied architecture of agency for intelligent agents situated in complex and dynamic environments. Traditional MAS-based distributed IDSs commonly do their detection work within a framework that employs the method of distributed data collection and hierarchical data analysis. This is a simple and strict method, but it restricts the characteristic of distributing, intelligence and real-time response badly. In this paper, we present a dynamically-created hierarchical framework, and then bring forward the basic algorithm system to support it. We introduce the opponent BDI model to our agents, and realize the detection based on multi-agent cooperation, which effectively improves the traditional distributed intrusion detection

KANG Song-lin,FAN Xiao-ping,FEI Hong-xiao,HU Ci-yuan,SUN Yong-xin

DOI: https://doi.org/10.3969/j.issn.1672-7207.2007.06.028

2007-01-01

Abstract:Combined network management system with intrusion detection system(IDS),the architecture of distributed intrusion detection system based on management agent was established.Good properties such as autonomy,cooperativity,communication mechanism among management agent were studied.Function structure of management agent was established and scheduling agent algorithm was also designed based on genetic algorithm.Management objects related to intrusion detection in management information base(MIB) were analyzed to form rules from different network levels.A distributed intrusion detection system with hierarchical structure and self-security was designed to monitor the running context of the system,and the rules were mined in intrusion detection from MIB according to the essence of network attack.The result shows that this method is efficient enough to meet the need of active detect complex intrusion.

Jianping Zeng,Donghui Guo

DOI: https://doi.org/10.5220/0002516401760181

2005-01-01

Abstract:More and more application services are provided and distributed over the Internet for public access. However, the security of distributed application severs is becoming a serious problem due to many possible attacks, such as deny of service, illegal intrusion, etc. Because of weakness of the firewall systems in ensuring security, intrusion detection system (IDS) becomes popular. Now, many kinds of IDS systems are available for serving in the Internet distributed system, but these systems mainly concentrate on networkbased and host-based detection. It is inconvenience to integrate these systems to distributed application servers for application-based intrusion detection. An agent-based IDS that can be smoothly integrated into applications of enterprise information systems is proposed in this paper. We will introduce its system architecture, agent structure, integration mechanism, and etc. In such an IDS system, there are three kinds of agents, i.e. client agent, server agent and communication agent. This paper is also to explain how to integrate agents with access control model for getting better security performance. By introducing standard protocol such as KQML, IDMEF into the design of agent, our agent-based IDS shows much more flexible for built in different kinds of software application system.

KU Yu,HU Liang,ZHANG Xiao-hui

DOI: https://doi.org/10.3321/j.issn:1671-5489.2007.03.019

2007-01-01

Abstract:Most traditional intrusion detection systems adopt the analysis engine of the concentrating type, so it is already difficult for them to meet the extensive security demand of the distributed network environment. An autonomous-agent-based adaptive distributed intrusion detection system was proposed to solve these problems. A honeypot-based distributed intrusion detection system was proposed to solve the higher rate of false negatives in most models. Moreover a detail description was given to the architecture and work mechanism of the model, and the character of the model was analyzed.

Mei-Ling Shyu,Thiago Quirino,Zongxing Xie,Shu-Ching Chen,Liwu Chang

DOI: https://doi.org/10.1145/1278460.1278463

2007-09-01

ACM Transactions on Autonomous and Adaptive Systems

Abstract:Recently, network security has become an extremely vital issue that beckons the development of accurate and efficient solutions capable of effectively defending our network systems and the valuable information journeying through them. In this article, a distributed multiagent intrusion detection system (IDS) architecture is proposed, which attempts to provide an accurate and lightweight solution to network intrusion detection by tackling issues associated with the design of a distributed multiagent system, such as poor system scalability and the requirements of excessive processing power and memory storage. The proposed IDS architecture consists of (i) the Host layer with lightweight host agents that perform anomaly detection in network connections to their respective hosts, and (ii) the Classification layer whose main functions are to perform misuse detection for the host agents, detect distributed attacks, and disseminate network security status information to the whole network. The intrusion detection task is achieved through the employment of the lightweight Adaptive Sub-Eigenspace Modeling (ASEM)-based anomaly and misuse detection schemes. Promising experimental results indicate that ASEM-based schemes outperform the KNN and LOF algorithms, with high detection rates and low false alarm rates in the anomaly detection task, and outperform several well-known supervised classification methods such as C4.5 Decision Tree, SVM, NN, KNN, Logistic, and Decision Table (DT) in the misuse detection task. To assess the performance in a real-world scenario, the Relative Assumption Model, feature extraction techniques, and common network attack generation tools are employed to generate normal and anomalous traffic in a private LAN testbed. Furthermore, the scalability performance of the proposed IDS architecture is investigated through the simulation of the proposed agent communication scheme, and satisfactory linear relationships for both degradation of system response time and agent communication generated network traffic overhead are achieved.

computer science, information systems, artificial intelligence, theory & methods

Jaydip Sen

DOI: https://doi.org/10.48550/arXiv.1111.0382

2011-11-02

Cryptography and Security

Abstract:The current intrusion detection systems have a number of problems that limit their configurability, scalability and efficiency. There have been some propositions about distributed architectures based on multiple independent agents working collectively for intrusion detection. However, these distributed intrusion detection systems are not fully distributed as most of them centrally analyze data collected from distributed nodes which may lead to a single point of failure. In this paper, a distributed intrusion detection architecture is presented that is based on autonomous and cooperating agents without any centralized analysis components. The agents cooperate by using a hierarchical communication of interests and data, and the analysis of intrusion data is made by the agents at the lowest level of the hierarchy. This architecture provides significant advantages in scalability, flexibility, extensibility, fault tolerance, and resistance to compromise. A proof-of-concept prototype is developed and experiments have been conducted on it. The results show the effectiveness of the system in detecting intrusive activities.

Yong ZHANG,De-yun ZHANG,Sheng-lei LI,Xu-xian IANG

DOI: https://doi.org/10.3969/j.issn.1000-1220.2001.01.011

2001-01-01

Abstract:In this paper the traditional intrusion detection technology is analyzed . analys and presents a intrusion detection framework based on hierarchical structure . The technologies such as agent、expert system、computer immunology、distributed system are integrated to construct a strong intrusion detection framework.

Dong Yongle,Qian Jun,Shi Meilin

DOI: https://doi.org/10.1109/CCECE.2003.1226031

2003-01-01

Abstract:Widespread attacks involving multiple hosts/networks happen more frequently as internetworking among computer systems via the Internet becomes more widely and keeps rapid increase. Due to lack of information, it can be quite difficult for conventional intrusion detection systems to identify such attacks in progress. Cooperative intrusion detection, on the basis of information sharing, is proved as a necessary measure to detect widespread attacks by other researcher D. Frincke (2000), Polla, D. et al., (1998). This paper presents a cooperative approach for intrusion detection that provides a method for individual ID components working cooperatively to perform concerted detections. Being constructed on the basis of ID components, CoIDS can adopt both existed (usually more mature) and new ID techniques. This makes CoIDS extensible and scalable. In addition, an ID component is essentially an autonomous agent, which makes CoIDS available with certain loss of functionality even when the intrusion detection manager does not work. Its reliability is also improved because failure of one ID component will not cause any other to stop working. Furthermore, it improved the accuracy of detection for conventional intrusions by validating analysis result with data from different ID components.

Jianping Zeng,Donghui Guo

2009-01-01

Abstract:Now days, difierent kinds of IDS systems are availablefor serving in the network distributed system, but thesesystems mainly concentrate on network-based and host-based detection. It is inconvenient to integrate these sys-tems into distributed application servers for application-based intrusion detection. An agent-based IDS that canbe smoothly integrated into the applications of enterpriseinformation systems is proposed in this paper and we dis-cuss the system architecture, agent structure, and integra-tion mechanism. Our IDS system consists of three kindsof agents, namely, client agent, server agent and commu-nication agent. This paper also explains how to integrateagents with an access control model for getting better se-curity performance. By introducing standard protocolssuch as KQML, IDMEF into the design of agent, ouragent-based IDS shows how to build more °exible soft-ware applications. Keywords: Agent-based, IDMEF, intrusion detection,KQML 1 Introduction Many application services, such as e-business, remote ed-ucation and Internet-based design, etc, are necessary tobe distributed over the Internet. However, because theInternet is an open society so that anyone can access theresource on it, then the application system may confrontwith all kinds of attacks or intrusions, such as Denial ofService (DoS), port scan, illegal intrusion by hacking userinformation, etc.Of all these security events, illegal intrusion is a moreserious issue. But standard security deployments such asflrewalls are limited in their efiectiveness because of sim-ple access control mode and also the intrusion methodsare evolving fast. Once an attacker has breached the flre-wall, he can roam at will through the network [13]. Thismakes intrusion detection system (IDS) very importantand necessary. Traditionally, there are two main classesof IDSs: host-based and network-based systems. A host-based IDS monitors the detailed activity of a particularhost, while network-based IDS monitors networks of com-puters and other devices such as, routers, gateways, andprimarily detects intrusion by sni–ng and analyzing datafrom network tra–c. Network and host-based IDSs, canbe further classifled based on two methods of detection[17]: anomaly detection and misuse detection.However, Masquerading attack is a typical intrusionand it can be a more serious threat to the security ofcomputer systems and the computational infrastructure[15]. By this kind of attacks, an assailant attempts toimpersonate a legitimate user after gaining access to thislegitimate user’s account. So, the assailant can fully un-derstand the information he gets. While by other kinds ofattacks, he just gets some segment of data or encrypteddata, which is much more di–cult to be understood. Awell-known instance of masquerader activity is about aFBI mode [15]. Since masquerading attack happens ex-actly at application layer, we call the methods to detectthis kind intrusion as application-based intrusion detec-tion. Application-based intrusion is more di–cult to bedetected and the detection program is usually unable toget satisfactory performance for the following reasons:1) Data about user action on system is much more di–-cult to be collected than network-based or host-baseddetection, because of the independency of applicationsystem.2) Application-based detection can degrade the perfor-mance of corresponding application system due tothe extra work that should be done in the process ofdata collection and analysis.3) A masquerader may happen to have similar behav-ioral patterns as the legitimate user, therefore it canescape detection and successfully cause damage un-der the cover of seemingly normal behavior [4].

陈浩

DOI: https://doi.org/10.3969/j.issn.1009-3044.2009.27.028

2009-01-01

Abstract:In order to make the campus network security management more convenient,easier to expand functionality. Intrusion detection technology in the study based on a campus network for the use of Distributed Intrusion Detection Framework. And the realization of this framework based on the campus network Distributed Intrusion Detection System.

YANG Jun-long,YU He-wei

DOI: https://doi.org/10.3969/j.issn.2095-6835.2010.21.017

2010-01-01

Abstract:We give a new framework which integrates multi-agent and distributed intrusion detection system(DIDS) to solve defects of normal DIDS. This paper gives detail description of the new framework. We found that the existed multi-agent intrusion detection system mostly use rule base to detect intrusion, lack intelligence detection. We combine immune mechanism and multi-agent intrusion detection system to give a new IDS which base on immune mechanism and multi-agent, the new system can improve accuracy and detection rate of attacks, at last we give the description of the system we designed.

段海新,吴建平

DOI: https://doi.org/10.13328/j.cnki.jos.2001.09.015

2001-01-01

Ruan Jian Xue Bao/Journal of Software

Abstract:An integrative taxonomy for intrusion detection technologies is proposed, which can specify accurately existing intrusion detection methods. Aiming at multiple-domain environments, a distributed cooperative intrusion detection system (DCIDS) is designed, which implements cooperative intrusion detection through efficient, secure information exchange among IDSes in different domain. The architecture of intrusion detection systems is described, as well as its four components: sensor, analyzer, manager and user-interface. Some key issues are also discussed, including secure communication and selection of detection places.

CAO Zhigang,WANG Shenkang

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.07.058

2005-01-01

Abstract:The framework model proposed in this paper is a distributed intrusion detecting system based on a tridimensional agent.The framework is an open system, which has good scalability. It adopts a central controlling module and a detecting module for side-by-side agent, which can dependently control and process. It also can track in and note the intrusing data, then test it. The state-checking mechanism and policy of authentication in this model ensure the security of the agents themselves and the communication among them.

YU Zhong,YU Hui,LI Wei-hua

DOI: https://doi.org/10.3969/j.issn.1001-3695.2007.06.035

2007-01-01

Abstract:Through analyzing and studying the characteristics of large-scale network intrusion detection,a system structure which based on multi-agents alliance was proposed.In which,we use the plan knowledge chart to describe the intruder's attack attention,and through analyzing its strategy,proposed a method of work division and coordination amongst the multi-agents alliance.

Ran Zhang,Depei Qian,Chongming Bao,Weiguo Wu,Xiaobing Guo

DOI: https://doi.org/10.1109/ICCNMC.2001.962638

2001-01-01

Abstract:Intrusion detection research has been conducted for nearly 20 years but still remains in its infancy. The existing intrusion detection system architectures have a number of problems that limit their configurability, scalability, and efficiency. This paper first discusses the threats to networked computer systems, and introduces the intrusion detection mechanisms and agent technologies. On the basis of the above discussion, a multi-agent based intrusion detection architecture for LAN is proposed. This architecture can be easily extended and maintained, supporting distributed and intelligent intrusion detection. In addition, it can enhance the whole system detection efficiency greatly