Abstract
In our opinion, three reasons are responsible for the high false alarm rate of current intrusion detection practice: (i) an intrusion detection system analyses only a single information source, (ii) only a single method is used for the analysis, and (iii) no distinction is made between vulnerability, threat, attack, and intrusion. This paper first studies the dynamics of attackers and defenders and then lists all possible information sources. A multiple-agents-based integrated intrusion detection system (IIDS) is then proposed. The status of our current work is also discussed.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ma, W., Sharma, D. (2005). A Multiple Agents Based Intrusion Detection System. In: Khosla, R., Howlett, R.J., Jain, L.C. (eds) Knowledge-Based Intelligent Information and Engineering Systems. KES 2005. Lecture Notes in Computer Science, vol 3681. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11552413_30
DOI: https://doi.org/10.1007/11552413_30
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28894-7
Online ISBN: 978-3-540-31983-2
eBook Packages: Computer Science, Computer Science (R0)