Multisensor Agent Based Intrusion Detection

In this paper we propose a framework for multisensor intrusion detection called the Fuzzy Agent-Based Intrusion Detection System. A unique feature of this model is that the agent uses data from multiple sensors and fuzzy logic to process log files. This feature reduces the overhead in a distributed intrusion detection system. We have developed an agent communication architecture that provides a prototype implementation. This paper also discusses the issues of combining intelligent agent technology with the intrusion detection domain.
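The abstract states that the agent fuses data from several sensors with fuzzy logic while processing log files. The following is an added illustration of that idea, written for this page and not taken from the paper or its prototype: a hypothetical agent reads two constructed sensor logs (a host authentication log and a network flow log), derives one crisp feature per sensor for each source address, fuzzifies both with assumed membership breakpoints, evaluates a small Mamdani-style rule base (AND as min, OR as max) and defuzzifies to a threat score in [0, 1]. Every log line, breakpoint, rule and output level is a constructed assumption chosen for the example, not a calibrated value from the paper.

```python
"""Fuzzy fusion of two log sensors into one threat score (added illustration)."""
import re
from collections import defaultdict

# Constructed sample sensor output (not from the paper). Sensor A is a host
# authentication log, sensor B is a network flow sensor; both carry the source
# IP, which is the key the agent correlates on.
AUTH_LOG = """\
Mar 10 10:00:01 host1 sshd[311]: Failed password for root from 10.0.0.5 port 51001 ssh2
Mar 10 10:00:03 host1 sshd[312]: Failed password for admin from 10.0.0.5 port 51002 ssh2
Mar 10 10:00:04 host1 sshd[313]: Failed password for root from 10.0.0.5 port 51003 ssh2
Mar 10 10:00:06 host1 sshd[314]: Failed password for oracle from 10.0.0.5 port 51004 ssh2
Mar 10 10:00:09 host1 sshd[315]: Failed password for root from 10.0.0.5 port 51005 ssh2
Mar 10 10:00:12 host1 sshd[316]: Failed password for test from 10.0.0.5 port 51006 ssh2
Mar 10 10:00:15 host1 sshd[317]: Accepted password for alice from 10.0.0.7 port 40022 ssh2
Mar 10 10:00:20 host1 sshd[318]: Failed password for alice from 10.0.0.7 port 40023 ssh2
""".splitlines()

FLOW_LOG = """\
10.0.0.5 -> 10.0.0.20:22 SYN
10.0.0.5 -> 10.0.0.20:23 SYN
10.0.0.5 -> 10.0.0.20:80 SYN
10.0.0.5 -> 10.0.0.20:443 SYN
10.0.0.5 -> 10.0.0.20:445 SYN
10.0.0.5 -> 10.0.0.20:3389 SYN
10.0.0.5 -> 10.0.0.20:8080 SYN
10.0.0.7 -> 10.0.0.20:22 SYN
10.0.0.7 -> 10.0.0.20:443 SYN
""".splitlines()

AUTH_RE = re.compile(r"Failed password for .* from (\d+\.\d+\.\d+\.\d+)")
FLOW_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+) -> \d+\.\d+\.\d+\.\d+:(\d+) SYN$")


def extract_features(auth_lines, flow_lines):
    """Per source IP: (failed-login count, number of distinct destination ports)."""
    failed = defaultdict(int)
    ports = defaultdict(set)
    for line in auth_lines:
        m = AUTH_RE.search(line)
        if m:
            failed[m.group(1)] += 1
    for line in flow_lines:
        m = FLOW_RE.match(line)
        if m:
            ports[m.group(1)].add(int(m.group(2)))
    return {ip: (failed[ip], len(ports[ip])) for ip in set(failed) | set(ports)}


def ramp_down(x, a, b):
    """1 for x <= a, 0 for x >= b, linear in between."""
    return max(0.0, min(1.0, (b - x) / (b - a)))


def ramp_up(x, a, b):
    """0 for x <= a, 1 for x >= b, linear in between."""
    return max(0.0, min(1.0, (x - a) / (b - a)))


def tri(x, a, b, c):
    """Triangle peaking at b, zero outside (a, c)."""
    if x <= a or x >= c:
        return 0.0
    return (x - a) / (b - a) if x <= b else (c - x) / (c - b)


def fuzzify(failed, ports):
    """Map each crisp feature to low/medium/high memberships (assumed breakpoints)."""
    return {
        "failed": {"low": ramp_down(failed, 1, 4), "medium": tri(failed, 2, 5, 8),
                   "high": ramp_up(failed, 5, 9)},
        "ports": {"low": ramp_down(ports, 1, 3), "medium": tri(ports, 2, 4, 6),
                  "high": ramp_up(ports, 4, 8)},
    }


# Rule base: (antecedent 1, operator, antecedent 2, consequent threat level).
RULES = [
    (("failed", "high"), "and", ("ports", "high"), "high"),
    (("failed", "high"), "or", ("ports", "high"), "medium"),
    (("failed", "medium"), "or", ("ports", "medium"), "medium"),
    (("failed", "low"), "or", ("ports", "low"), "low"),
]
# Output singletons for weighted-average defuzzification.
THREAT_LEVEL = {"low": 0.1, "medium": 0.5, "high": 0.9}


def infer(memberships):
    """Mamdani-style evaluation: AND=min, OR=max, aggregate each consequent by max."""
    fired = {level: 0.0 for level in THREAT_LEVEL}
    for (v1, s1), op, (v2, s2), out in RULES:
        a, b = memberships[v1][s1], memberships[v2][s2]
        strength = min(a, b) if op == "and" else max(a, b)
        fired[out] = max(fired[out], strength)
    return fired


def defuzzify(fired):
    """Weighted average of the output singletons; 0.0 when no rule fired."""
    total = sum(fired.values())
    if total == 0.0:
        return 0.0
    return sum(w * THREAT_LEVEL[lvl] for lvl, w in fired.items()) / total


def label(score):
    return "high" if score >= 0.7 else "medium" if score >= 0.4 else "low"


def assess(auth_lines=AUTH_LOG, flow_lines=FLOW_LOG):
    """Return {ip: (score, label)} fused from both sensors."""
    result = {}
    for ip, (failed, ports) in extract_features(auth_lines, flow_lines).items():
        score = defuzzify(infer(fuzzify(failed, ports)))
        result[ip] = (score, label(score))
    return result


if __name__ == "__main__":
    for ip, (score, lvl) in sorted(assess().items()):
        print(f"{ip}: score={score:.2f} level={lvl}")
```

On the constructed input, 10.0.0.5 (six failed logins, seven distinct ports) fires the "high" rule at 0.25 and the "medium" rules at 0.75, which defuzzifies to 0.6 and is labelled medium; 10.0.0.7 (one failed login, two ports) only fires the "low" rule and scores 0.1. The point of the fuzzy step is that neither sensor alone has to cross a hard threshold: partial evidence from each is combined before any alert decision is taken.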
