Title
The Demian System Approach To Intrusion Detection
Abstract
This paper presents a small multi-agent system for intrusion detection, the DEMIAN system, which contributes a new knowledge specification approach for modelling the behaviour and the communication of intrusion detection agents. A new detection language, with special focus on simplicity, usability and maintenance, was specified to model DEMIAN monitoring agents. A new correlation language, with a functional and analytical foundation, was defined to model the high-level threat analyst agent. Finally, all communication activities between agents were separated from monitoring and threat analysis tasks and modelled in an independent and interoperable way. This new approach to modelling the communication between agents integrates the main standardization efforts on agent communication languages and intrusion detection formats: the FIPA-ACL standard for Agent Communication Language and the Intrusion Detection Working Group IDMEF format. This integration is one of the main accomplishments of our work. In DEMIAN, we don't need to define a unique modelling language that supports all possible aspects of an attack language. With our approach, it is possible to specify the behaviour of different types of agents with different languages, and keep the system fully integrated as long as all agents communicate with the same language and understand the same vocabulary.
Year
2003
Venue
CONCURRENT ENGINEERING: ENHANCED INTEROPERABLE SYSTEMS
Keywords
working group, intrusion detection, multi agent system
Field
Computer security, Computer science, Intrusion detection system
DocType
Conference
Citations
0
PageRank
0.34
References
5
Authors
3
Name
Order
Citations
PageRank
João Carlos Gluz1135.84
Rosa Maria Viccari2195.18
Josué Klafke Sperb300.34