Abstract
The protection of modern distributed information networks from external and internal intruders continues to be of great importance due to the development of data transmission and processing technology. The article describes a model of data processing in a distributed intrusion detection system (DIDS) and a method of using hidden agents to protect against an internal intruder. The distribution of data processing functions between the DIDS local agent and the central data processing node is presented. We describe a method of hiding the agent's presence from the system user while the operator retains control of it.
ACKNOWLEDGMENTS
The results of the work were obtained using the computing resources of the supercomputing center of Peter the Great St. Petersburg Polytechnic University (SCC Polytekhnicheskii) (http://www.spbstu.ru).
This work was financially supported by the Ministry of Education and Science of the Russian Federation in the framework of the Federal Targeted Program “Research and Development in the High-Priority Areas of Development of the Scientific and Technology sector of Russia for 2014–2020,” agreement no. 14.578.21.0231, unique agreement identifier RFMEFI57817X0231.
Additional information
Translated by Yu. Bezlepkina
About this article
Cite this article
Shterenberg, S.I., Poltavtseva, M.A. A Distributed Intrusion Detection System with Protection from an Internal Intruder. Aut. Control Comp. Sci. 52, 945–953 (2018). https://doi.org/10.3103/S0146411618080230
DOI: https://doi.org/10.3103/S0146411618080230