An Intrusion Detection and Prevention Model Based on Intelligent Multi-Agent Systems, Signatures and Reaction Rules Ontologies

  • Conference paper
7th International Conference on Practical Applications of Agents and Multi-Agent Systems (PAAMS 2009)

Part of the book series: Advances in Intelligent and Soft Computing (AINSC, volume 55)

Abstract

Distributed Intrusion Detection Systems (DIDS) have been integrated with other techniques to incorporate some degree of adaptability. For instance, combining IDS with intelligent techniques facilitates the automatic generation of new signatures, which allows this hybrid approach to detect and prevent unknown attack patterns. Additionally, agent-based architectures offer capabilities such as autonomy, reactivity, pro-activity, mobility and rationality that are desirable in IDSs. This paper presents an intrusion detection and prevention model that integrates an intelligent multi-agent system. The knowledge model is designed and represented with ontological signatures, an ontology rule representation for intrusion detection and prevention, and event correlation.



© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Isaza, G.A., Castillo, A.G., Duque, N.D. (2009). An Intrusion Detection and Prevention Model Based on Intelligent Multi-Agent Systems, Signatures and Reaction Rules Ontologies. In: Demazeau, Y., Pavón, J., Corchado, J.M., Bajo, J. (eds) 7th International Conference on Practical Applications of Agents and Multi-Agent Systems (PAAMS 2009). Advances in Intelligent and Soft Computing, vol 55. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-00487-2_25

  • DOI: https://doi.org/10.1007/978-3-642-00487-2_25

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-00486-5

  • Online ISBN: 978-3-642-00487-2

  • eBook Packages: Engineering, Engineering (R0)
