Intelligent Agents for Distributed Intrusion Detection System

This paper presents a distributed intrusion detection system (IDS) based on the concept of a specialized distributed agent community, that is, a set of agents with the same purpose, for detecting distributed attacks. The semantics of intrusion events occurring in a predetermined network are defined. The correlation rules refer to the process by which our proposed IDS combines captured events that are distributed both spatially and temporally. The proposed IDS then tries to extract significant and broad patterns for a set of well-known attacks. The primary goal of our work is to provide intrusion detection and real-time prevention capability against insider attacks in distributed and fully automated environments.



