J4  2009, Vol. 43 Issue (6): 987-993    DOI: 10.3785/j.issn.1008-973X.2009.
    
Multi-agent based hybrid intrusion detection system
ZHANG Bao-jun1,  PAN Xue-zeng1, WANG Jie-bing2,PING Ling-di1
(1.College of Computer Science and Technology, Zhejiang University, Hangzhou 310027, China;
2.Hifn (Hangzhou) Information Technology Limited Company, Hangzhou 310012, China)

Abstract  

Real-time intrusion detection in current network environments faces two problems. First, networks are large and a great deal of information must be processed, so the intrusion detection system (IDS) needs high throughput. Second, the network environment is complex and the data types are diverse, so the IDS must also be highly accurate. To address these problems, a model of an intrusion detection system is proposed. The model uses a distributed architecture based on a multi-agent system; it scales well and adapts itself to the size and bandwidth of the network. It combines anomaly detection and misuse detection, giving both a low false-alarm rate and a low miss rate. Multi-attribute feature extraction captures the characteristics of intrusive behaviour precisely and gives strong support for identifying intrusions. The classifier is built with radial basis functions (RBF), so it generalizes well to unknown intrusions and can judge them effectively. Experimental results show that the system has high throughput and high accuracy, so it is suited to current networks and is practical.
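The abstract names four ingredients: per-segment agents that aggregate traffic, multi-attribute feature extraction, a misuse (signature) component, and an RBF-based anomaly classifier that is expected to generalize to unknown intrusions. The following is an added illustration of how those pieces fit together; it is not the paper's code, its flow records are constructed, the "../../" signature is a generic placeholder pattern, and the RBF part is a simplified novelty scorer (Gaussian units centred on normal feature vectors) rather than the paper's trained RBF classifier.

```python
"""Hybrid multi-agent IDS sketch (added example, not the paper's system):
per-segment sensor agents extract multi-attribute features, a coordinator
merges them, then misuse (signature) and RBF anomaly detection run per source."""
import math
from collections import defaultdict

# Constructed flow records, one per connection attempt, tagged with the network
# segment whose sensor agent observed them. Made up for this example.
#   (segment, src, dst, dport, syn_only, bytes, payload)
def _flows(seg, src, dst, dport, n, syn_only, nbytes, payload):
    return [(seg, src, dst, dport, syn_only, nbytes, payload) for _ in range(n)]

NORMAL_PROFILE = (
    _flows("segA", "10.0.0.5", "10.0.1.8", 80, 2, False, 1500, "GET /index.html")
    + _flows("segB", "10.0.0.5", "10.0.1.8", 80, 2, False, 1500, "GET /index.html")
    + _flows("segA", "10.0.0.6", "10.0.1.8", 80, 2, False, 2000, "GET /api/list")
    + _flows("segB", "10.0.0.6", "10.0.1.9", 443, 1, False, 2000, "TLS application data")
)

LIVE_TRAFFIC = (
    _flows("segA", "10.0.0.7", "10.0.1.9", 443, 5, False, 1800, "TLS application data")
    # port sweep: SYN-only probes to 40 distinct ports, seen by two different agents
    + [("segA", "10.0.0.9", "10.0.1.8", p, True, 0, "") for p in range(1, 21)]
    + [("segB", "10.0.0.9", "10.0.1.8", p, True, 0, "") for p in range(21, 41)]
    # known pattern hidden in otherwise ordinary-looking HTTP traffic
    + _flows("segB", "10.0.0.11", "10.0.1.8", 80, 1, False, 1500, "GET /index.html")
    + _flows("segB", "10.0.0.11", "10.0.1.8", 80, 1, False, 1500, "GET /../../")
)

def _empty():
    return {"conns": 0, "syn": 0, "bytes": 0, "ports": set(), "payloads": []}

# --- sensor agent: aggregate only the flows its own segment observed ---------
def sensor_partial(records, segment):
    stats = defaultdict(_empty)
    for seg, src, _dst, dport, syn_only, nbytes, payload in records:
        if seg != segment:
            continue
        s = stats[src]
        s["conns"] += 1
        s["syn"] += int(syn_only)
        s["bytes"] += nbytes
        s["ports"].add(dport)
        s["payloads"].append(payload)
    return dict(stats)

# --- coordinator: merge the partial views reported by every agent ------------
def merge(partials):
    merged = {}
    for part in partials:
        for src, s in part.items():
            m = merged.setdefault(src, _empty())
            m["conns"] += s["conns"]
            m["syn"] += s["syn"]
            m["bytes"] += s["bytes"]
            m["ports"] |= s["ports"]
            m["payloads"] += s["payloads"]
    return merged

def collect(records, segments=("segA", "segB")):
    return merge([sensor_partial(records, seg) for seg in segments])

def feature_vector(s):
    """Four attributes per source: connection count, distinct ports, SYN-only
    ratio and mean bytes (log-scaled so no single attribute dominates)."""
    return (math.log1p(s["conns"]), math.log1p(len(s["ports"])),
            s["syn"] / s["conns"], math.log1p(s["bytes"] / s["conns"] / 1000.0))

# --- misuse component: substring signatures over payloads (placeholder rule) --
SIGNATURES = [("../../", "directory traversal pattern")]

def misuse_match(payloads):
    return [name for pat, name in SIGNATURES if any(pat in p for p in payloads)]

# --- anomaly component: RBF novelty score against the normal profile ---------
class RBFNovelty:
    """Gaussian RBF units centred on normal feature vectors. Novelty is
    1 - (activation of the closest unit), so points far from every centre
    score close to 1 whether or not the behaviour was ever seen before."""
    def __init__(self, width=1.0, threshold=0.9):
        self.width, self.threshold, self.centers = width, threshold, []
    def fit(self, vectors):
        self.centers = list(vectors)
    def score(self, x):
        best = max(math.exp(-sum((a - b) ** 2 for a, b in zip(x, c)) / (2 * self.width ** 2))
                   for c in self.centers)
        return 1.0 - best

def hybrid_detect(live_records, profile_records):
    """Misuse first (known attacks get a name), RBF anomaly score for the rest."""
    rbf = RBFNovelty()
    rbf.fit(feature_vector(s) for s in collect(profile_records).values())
    verdicts = {}
    for src, s in collect(live_records).items():
        hits = misuse_match(s["payloads"])
        nov = rbf.score(feature_vector(s))
        if hits:
            verdicts[src] = ("misuse", hits[0], round(nov, 3))
        elif nov > rbf.threshold:
            verdicts[src] = ("anomaly", "unknown pattern", round(nov, 3))
        else:
            verdicts[src] = ("normal", "", round(nov, 3))
    return verdicts

if __name__ == "__main__":
    for src, v in hybrid_detect(LIVE_TRAFFIC, NORMAL_PROFILE).items():
        print(src, *v)
```

Run as written, the port sweep from 10.0.0.9 has no signature match but sits far from every normal centre, so only the anomaly component flags it; the traversal request from 10.0.0.11 looks statistically normal (two ordinary HTTP connections) and is caught only by the signature. That split is the reason the paper combines the two techniques: each covers the other's blind spot. The merge step also shows why the distributed design matters for a sweep: each agent alone sees only 20 probes, and the combined view is what pushes the feature vector out of the normal region.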



Published: 01 June 2009
CLC:  TP309  
Cite this article:

ZHANG Bao-Jun, PAN Xue-Zeng, WANG Jie-Bing, et al. Multi-agent based hybrid intrusion detection system. J4, 2009, 43(6): 987-993.

URL:

http://www.zjujournals.com/eng/10.3785/j.issn.1008-973X.2009.     OR     http://www.zjujournals.com/eng/Y2009/V43/I6/987


Chinese title (translated): A multi-agent based hybrid intrusion detection system model

Chinese abstract (translated): Real-time intrusion detection in current network environments commonly faces the following problems. First, networks are large and a great deal of information must be processed, which requires the intrusion detection system to have high throughput. Second, the network environment is complex and the data types are diverse, which correspondingly requires the intrusion detection system to be highly accurate. To address these problems, a model of an intrusion detection system is proposed. The model is based on a multi-agent distributed structure, can adapt to changes in network size and bandwidth, and is highly scalable. It combines anomaly and misuse detection techniques, giving a low false-alarm rate and a low miss rate. It adopts a multi-attribute feature extraction method that captures the characteristics of intrusive behaviour precisely and thus identifies intrusions effectively. It uses radial basis functions to construct the classifier, which gives the classifier strong generalization ability, so that it can judge unknown intrusive behaviour accurately and further improves detection accuracy. Experiments show that the system has high throughput and high accuracy, suits current high-speed and complex network environments, and is highly practical.

