Skip to main content
SpringerLink
Log in

Agent-Based Distributed Intrusion Alert System

  • Conference paper
Distributed Computing - IWDC 2004 (IWDC 2004)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 3326))

Included in the following conference series:

Abstract

Intrusion detection for computer systems is a key problem in today’s networked society. Current distributed intrusion detection systems (IDSs) are not fully distributed as most of them centrally analyze data collected from distributed nodes resulting in a single point of failure. Increasingly, researchers are focusing on distributed IDSs to circumvent the problems of centralized approaches. A major concern of fully distributed IDSs is the high false positive rates of intrusion alarms which undermine the usability of such systems. We believe that effective distributed IDSs can be designed based on principles of coordinated multiagent systems. We propose an Agent-Based Distributed Intrusion Alert System (ABDIAS) which is fully distributed and provides two capabilities in addition to other functionalities of an IDS: (a) early warning when pre-attack activities are detected, (b) detecting and isolating compromised nodes by trust mechanisms and voting-based peer-level protocols.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Cheng, J., Bell, D., Liu, W.: Learning bayesian networks from data: An efficient approach based on information theory. Technical report, University of Alberta, Canada (1998)

    Google Scholar 

  2. Cooper, G.F.: The computational complexity of probabilistic inference using bayesian belief networks. Artificial Intelligence 42, 393–405 (1990)

    Article  MATH  MathSciNet  Google Scholar 

  3. Guo, H., Hsu, W.H.: A survey of algorithms for real-time bayesian network inference. In: AAAI/KDD/UAI-2002 Joint Workshop on Real-Time Decision Support and Diagnosis Systems, Edmonton (July 2002)

    Google Scholar 

  4. Huang, M.Y., Wicks, T.M.: A large-scale distributed intrusion detection framework based on attack strategy analysis. In: Web proceedings of the First International Workshop on Recent Advances in Intrusion Detection, Louvain-la-Neuve, Belgium (September 1998)

    Google Scholar 

  5. Jensen, F.V.: An Introduction to Bayesian Networks. Springer, New York (1996)

    Google Scholar 

  6. Kddcup 1999: Intrusion detection data set. DARPA Intrusion data repository (1999), URL: http://kdd.ics.uci.edu/databases/kddcup99/kddcup.data_10_percent.gz

  7. Lauritzen, S.L., Spiegelhalter, D.J.: Local computations with probabilities on graphical structures and their applications to expert systems. In: Proceedings of the Royal Statistical Society. Series B, vol. 50, pp. 154–227 (1988)

    Google Scholar 

  8. Mit lincoln laboratory. DARPA Intrusion data repository, URL: http://www.ll.mit.edu/IST/ideval/

  9. Mukherjee, B., Heberlein, T.L., Levitt, K.N.: Network intrusion detection. IEEE Network 8(3), 26–41 (1994)

    Article  Google Scholar 

  10. Porras, P.A., Neumann, P.G.: Emerald: event monitoring enabling responses to anomalous live disturbances. In: 20th National Information Systems Security Conference (October 1997)

    Google Scholar 

  11. Brentano, J., Snapp, S., Dias, G., et al.: Dids (distributed intrusion detection system) motivation, architecture, and an early prototype. In: Fourteenth National Computer Security Conference, Washington, DC (October 1991)

    Google Scholar 

  12. Scott, S.L.: A bayesian paradigm for designing intrusion detection system. Computational Statistics and Data Analysis 45(1), 69–83 (2004)

    Article  MATH  MathSciNet  Google Scholar 

  13. Sen, S.: Developing an automated distributed meeting scheduler. IEEE Expert 12(4), 41–45 (1997)

    Article  Google Scholar 

  14. Sen, S.: Believing others: Pros and cons. Artificial Intelligence 142(2), 179–203 (2002)

    Article  Google Scholar 

  15. Shimony, S.: Finding maps for belief networks is np-hard. Artificial Intelligence 68, 399–410 (1994)

    Article  MATH  MathSciNet  Google Scholar 

  16. Spafford, E.H., Zamboni, D.: Intrusion detection using autonomous agents. Computer Networks 34(4), 547–570 (2000)

    Article  Google Scholar 

  17. White, G., Fisch, E., Pooch, U.: Cooperating security managers: A peer-based intrusion detection system. IEEE Network 10(1), 20–23 (1996)

    Article  Google Scholar 

  18. Xiang, Y.: Comparison of multiagent inference methods in multiply sectioned bayesian networks. International Journal of Approximate Reasoning 33(3), 235–254 (2003)

    Article  MATH  MathSciNet  Google Scholar 

  19. Xiang, Y., Poole, D., Beddoes, M.: Multiply sectioned bayesian networks and junction forests for large knowledge-based systems. Computational Intelligence 9(2), 171–220 (1993)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of Tulsa, Tulsa, OK, 74104, USA

    Arjita Ghosh & Sandip Sen

Authors
  1. Arjita Ghosh
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sandip Sen
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Computing and Informatics, Arizona State University, 85287, Tempe, AZ,  

    Arunabha Sen

  2. Indian Statistical Institute, Kolkata,  

    Nabanita Das

  3. Department of Computer Science and Engineering, University of Texas at Arlington, P.O. Box 19015, 76019, Arlington, TX, USA

    Sajal K. Das

  4. ACM Unit, Indian Statistical Institute, 700 108, Kolkata, India

    Bhabani P. Sinha

Rights and permissions

Reprints and permissions

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Ghosh, A., Sen, S. (2004). Agent-Based Distributed Intrusion Alert System. In: Sen, A., Das, N., Das, S.K., Sinha, B.P. (eds) Distributed Computing - IWDC 2004. IWDC 2004. Lecture Notes in Computer Science, vol 3326. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30536-1_28

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-30536-1_28

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-24076-1

  • Online ISBN: 978-3-540-30536-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation