Abstract | ||
---|---|---|
We describe the design of a misuse detection agent, one of the different agents in a multiagent-based intrusion detection system. This system is being implemented in JADE, a well-known multiagent platform based on Java. The agent analyzes the packets in the network connections using a packet sniffer and then creates a data model based on the information obtained. This data model is the input to a rule-based agent inference engine, which uses the Rete algorithm for pattern matching, and the rules of the signature-based intrusion detection system Snort. Specifically, an implementation in the Java language (the Drools-JBoss Rules) was used, and a parser was implemented that converts Snort rules to Drools rules. The use of object-oriented techniques, together with design patterns, means that the agent is flexible, easily configurable and extensible. |
Year | DOI | Venue |
---|---|---|
2007 | 10.1007/978-3-540-72830-6_48 | KES-AMSTA |
Keywords | Field | DocType |
multi-agent architecture, design pattern, multiagent-based intrusion detection system, intrusion detection, java language, rule-based agent inference engine, different agent, converts snort rule, signature-based intrusion detection system, data model, drools rule, misuse detection agent, pattern matching, object oriented, intrusion detection system, rule based | Packet analyzer, Host-based intrusion detection system, Computer science, Anomaly-based intrusion detection system, Agent architecture, Rete algorithm, Inference engine, Misuse detection, Intrusion detection system, Distributed computing | Conference |
Volume | ISSN | Citations |
4496 | 0302-9743 | 3 |
PageRank | References | Authors |
0.49 | 5 | 4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Eduardo Mosqueira-Rey | 1 | 93 | 11.62 |
Amparo Alonso-Betanzos | 2 | 885 | 76.98 |
Belen Baldonedo Río | 3 | 3 | 0.49 |
Jesús Lago Piñeiro | 4 | 3 | 0.49 |