Abstract
Intrusion detection for computer systems is a key problem in today’s networked society. Current distributed intrusion detection systems (IDSs) are not fully distributed as most of them centrally analyze data collected from distributed nodes resulting in a single point of failure. Increasingly, researchers are focusing on distributed IDSs to circumvent the problems of centralized approaches. A major concern of fully distributed IDSs is the high false positive rates of intrusion alarms which undermine the usability of such systems. We believe that effective distributed IDSs can be designed based on principles of coordinated multiagent systems. We propose an Agent-Based Distributed Intrusion Alert System (ABDIAS) which is fully distributed and provides two capabilities in addition to other functionalities of an IDS: (a) early warning when pre-attack activities are detected, (b) detecting and isolating compromised nodes by trust mechanisms and voting-based peer-level protocols.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Cheng, J., Bell, D., Liu, W.: Learning bayesian networks from data: An efficient approach based on information theory. Technical report, University of Alberta, Canada (1998)
Cooper, G.F.: The computational complexity of probabilistic inference using bayesian belief networks. Artificial Intelligence 42, 393–405 (1990)
Guo, H., Hsu, W.H.: A survey of algorithms for real-time bayesian network inference. In: AAAI/KDD/UAI-2002 Joint Workshop on Real-Time Decision Support and Diagnosis Systems, Edmonton (July 2002)
Huang, M.Y., Wicks, T.M.: A large-scale distributed intrusion detection framework based on attack strategy analysis. In: Web proceedings of the First International Workshop on Recent Advances in Intrusion Detection, Louvain-la-Neuve, Belgium (September 1998)
Jensen, F.V.: An Introduction to Bayesian Networks. Springer, New York (1996)
Kddcup 1999: Intrusion detection data set. DARPA Intrusion data repository (1999), URL: http://kdd.ics.uci.edu/databases/kddcup99/kddcup.data_10_percent.gz
Lauritzen, S.L., Spiegelhalter, D.J.: Local computations with probabilities on graphical structures and their applications to expert systems. In: Proceedings of the Royal Statistical Society. Series B, vol. 50, pp. 154–227 (1988)
Mit lincoln laboratory. DARPA Intrusion data repository, URL: http://www.ll.mit.edu/IST/ideval/
Mukherjee, B., Heberlein, T.L., Levitt, K.N.: Network intrusion detection. IEEE Network 8(3), 26–41 (1994)
Porras, P.A., Neumann, P.G.: Emerald: event monitoring enabling responses to anomalous live disturbances. In: 20th National Information Systems Security Conference (October 1997)
Brentano, J., Snapp, S., Dias, G., et al.: Dids (distributed intrusion detection system) motivation, architecture, and an early prototype. In: Fourteenth National Computer Security Conference, Washington, DC (October 1991)
Scott, S.L.: A bayesian paradigm for designing intrusion detection system. Computational Statistics and Data Analysis 45(1), 69–83 (2004)
Sen, S.: Developing an automated distributed meeting scheduler. IEEE Expert 12(4), 41–45 (1997)
Sen, S.: Believing others: Pros and cons. Artificial Intelligence 142(2), 179–203 (2002)
Shimony, S.: Finding maps for belief networks is np-hard. Artificial Intelligence 68, 399–410 (1994)
Spafford, E.H., Zamboni, D.: Intrusion detection using autonomous agents. Computer Networks 34(4), 547–570 (2000)
White, G., Fisch, E., Pooch, U.: Cooperating security managers: A peer-based intrusion detection system. IEEE Network 10(1), 20–23 (1996)
Xiang, Y.: Comparison of multiagent inference methods in multiply sectioned bayesian networks. International Journal of Approximate Reasoning 33(3), 235–254 (2003)
Xiang, Y., Poole, D., Beddoes, M.: Multiply sectioned bayesian networks and junction forests for large knowledge-based systems. Computational Intelligence 9(2), 171–220 (1993)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ghosh, A., Sen, S. (2004). Agent-Based Distributed Intrusion Alert System. In: Sen, A., Das, N., Das, S.K., Sinha, B.P. (eds) Distributed Computing - IWDC 2004. IWDC 2004. Lecture Notes in Computer Science, vol 3326. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30536-1_28
Download citation
DOI: https://doi.org/10.1007/978-3-540-30536-1_28
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-24076-1
Online ISBN: 978-3-540-30536-1
eBook Packages: Computer ScienceComputer Science (R0)