
A Misuse Detection Agent for Intrusion Detection in a Multi-agent Architecture

  • Conference paper
Agent and Multi-Agent Systems: Technologies and Applications (KES-AMSTA 2007)

Abstract

We describe the design of a misuse detection agent, one of the agents in a multi-agent intrusion detection system. The system is being implemented in JADE, a well-known multi-agent platform based on Java. The agent analyzes the packets in network connections using a packet sniffer and then creates a data model from the information obtained. This data model is the input to the agent's rule-based inference engine, which uses the Rete algorithm for pattern matching together with the rules of the signature-based intrusion detection system Snort. Specifically, a Java implementation, Drools (JBoss Rules), was used, and a parser was implemented that converts Snort rules to Drools rules. The use of object-oriented techniques, together with design patterns, makes the agent flexible, easily configurable and extensible.


Editor information

Ngoc Thanh Nguyen, Adam Grzech, Robert J. Howlett, Lakhmi C. Jain


Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Mosqueira-Rey, E., Alonso-Betanzos, A., del Río, B.B., Piñeiro, J.L. (2007). A Misuse Detection Agent for Intrusion Detection in a Multi-agent Architecture. In: Nguyen, N.T., Grzech, A., Howlett, R.J., Jain, L.C. (eds) Agent and Multi-Agent Systems: Technologies and Applications. KES-AMSTA 2007. Lecture Notes in Computer Science, vol 4496. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-72830-6_48


  • DOI: https://doi.org/10.1007/978-3-540-72830-6_48

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-72829-0

  • Online ISBN: 978-3-540-72830-6

  • eBook Packages: Computer Science (R0)
