Abstract
The paper proposes a formal framework for assessing the uncertainty level of network traffic anomalies within a distributed multiagent Intrusion Detection System (IDS) architecture. The role of traffic anomaly detection is discussed, and it is then clarified how some specific values characterizing network communication can be used to detect network anomalies caused by security incidents (worm attack, virus spreading). Finally, it is defined how to use the proposed techniques in a distributed IDS.
This work was supported by the Polish State Committee for Scientific Research under Grant No. 3 T11C 029 29 (2005-2007).
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kołaczek, G. (2007). Multiagent Approach to Network Traffic Anomalies Uncertainty Level Assessment in Distributed Intrusion Detection System. In: Nguyen, N.T., Grzech, A., Howlett, R.J., Jain, L.C. (eds) Agent and Multi-Agent Systems: Technologies and Applications. KES-AMSTA 2007. Lecture Notes in Computer Science, vol 4496. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-72830-6_50
DOI: https://doi.org/10.1007/978-3-540-72830-6_50
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-72829-0
Online ISBN: 978-3-540-72830-6
eBook Packages: Computer Science, Computer Science (R0)