Title: Asynchronous alert correlation in multi-agent intrusion detection systems
Abstract: This paper presents a conceptual model, architecture and software prototype of a multi-agent intrusion detection system (IDS) operating on the basis of heterogeneous alert correlation. The latter term denotes an IDS provided with a structure of anomaly detection-like classifiers designed to detect intrusions in cooperative mode. The idea is to use a structure of classifiers operating on the basis of various data sources and trained to detect attacks of particular classes. Alerts regarding particular attack classes produced by multiple classifiers are correlated at the upper layer. The top-layer classifier solves the intrusion detection task: it combines the decisions of the specialized alert correlation classifiers of the lower layer and produces a combined decision in order to detect an attack class more reliably. The IDS software prototype operating on the basis of input traffic is implemented as a multi-agent system trained to detect attacks of the classes DoS, Probe and U2R. The paper describes the structure of such multi-layered intrusion detection, outlines the preprocessing procedures and data sources, specifies the IDS multi-agent architecture and briefly presents the experimental results obtained on the basis of DARPA-98 data, which generally confirm the feasibility of the approach and its certain advantages.
Year: 2005
DOI: 10.1007/11560326_28
Venue: MMM-ACNS
Keywords: anomaly detection, ids software prototype operating, intrusion detection task, classifiers operating, darpa-98 data, ids multi-agent architecture, classes dos, multi-layered intrusion detection, asynchronous alert correlation, data source, multi-agent intrusion detection system, intrusion detection system, layered intrusion, multi agent system, conceptual model, intrusion detection
Field: Asynchronous communication, Anomaly detection, Denial-of-service attack, Computer security, Computer science, Anomaly-based intrusion detection system, Software architecture, Systems architecture, Classifier (linguistics), Intrusion detection system
DocType: Conference
Volume: 3685
ISSN: 0302-9743
ISBN: 3-540-29113-X
Citations: 3
PageRank: 0.43
References: 13
Authors: 4

Name                  Order  Citations and PageRank (digits run together in the source)
Vladimir Gorodetsky   1      33132.81
Oleg Karsaev          2      569.55
Vladimir Samoilov     3      756.80
Alexander Ulanov      4      659.64