Distributed Intrusion Detection Systems

Author(s):  
Ajith Abraham ◽  
Johnson Thomas

Computer security is defined as the protection of computing systems against threats to confidentiality, integrity and availability. An intrusion is defined as any set of actions that attempt to compromise the integrity, confidentiality or availability of a resource. The process of monitoring the events occurring in a computer system or network and analyzing them for signs of intrusions is known as an Intrusion Detection System (IDS). A Distributed IDS (DIDS) consists of several IDSs over a large network (or networks), all of which communicate with each other, or with a central server that facilitates advanced network monitoring. In a distributed environment, DIDS are implemented using co-operative intelligent agents distributed across the network(s). This chapter presents a framework for a DIDS comprising a multi-agent framework with computational intelligence techniques, to reduce the data features to create lightweight detection systems, and a hybrid-intelligent system approach to improve detection accuracy.

2011 ◽  
pp. 1332-1353
Author(s):  
Ajith Abraham ◽  
Johnson Thomas



2008 ◽  
pp. 1639-1659
Author(s):  
Ajith Abraham ◽  
Johnson Thomas



Author(s):  
Aymen Akremi ◽  
Hassen Sallay ◽  
Mohsen Rouached

Investigators usually search for any kind of event related directly to an investigation case, both to limit the search space and to propose new hypotheses about the suspect. Intrusion detection systems (IDSs) provide relevant information to forensics experts, since they detect attacks and automatically gather several pertinent features of the network at the moment of the attack. Thus, an IDS should be very effective in terms of detection accuracy for new, unknown attack signatures, without generating a huge number of false alerts in high-speed networks (HSN). This tradeoff between keeping high detection accuracy and not generating false alerts is today a big challenge. As an effort to deal with false alert generation, the authors propose a new intrusion alert classifier, named Alert Miner (AM), to efficiently classify intrusion alerts in HSN in near real-time. AM uses an outlier detection technique based on an adaptive, deduced association rule set to classify the alerts automatically and without human assistance.


2021 ◽  
Vol 13 (18) ◽  
pp. 10057
Author(s):  
Imran ◽  
Faisal Jamil ◽  
Dohyeun Kim

The connectivity of our surrounding objects to the internet plays a tremendous role in our daily lives. Many network applications have been developed in every domain of life, including business, healthcare, smart homes, and smart cities, to name a few. As these network applications provide a wide range of services for large user groups, the network intruders are prone to developing intrusion skills for attack and malicious compliance. Therefore, safeguarding network applications and things connected to the internet has always been a point of interest for researchers. Many studies propose solutions for intrusion detection systems and intrusion prevention systems. Network communities have produced benchmark datasets available for researchers to improve the accuracy of intrusion detection systems. The scientific community has presented data mining and machine learning-based mechanisms to detect intrusion with high classification accuracy. This paper presents an intrusion detection system based on the ensemble of prediction and learning mechanisms to improve anomaly detection accuracy in a network intrusion environment. The learning mechanism is based on automated machine learning, and the prediction model is based on the Kalman filter. Performance analysis of the proposed intrusion detection system is evaluated using publicly available intrusion datasets UNSW-NB15 and CICIDS2017. The proposed model-based intrusion detection accuracy for the UNSW-NB15 dataset is 98.801 percent, and the CICIDS2017 dataset is 97.02 percent. The performance comparison results show that the proposed ensemble model-based intrusion detection significantly improves the intrusion detection accuracy.


Author(s):  
Prabhu Kavin B ◽  
Ganapathy S

Intrusion Detection Systems play a major role in network security in this internet world. Many researchers have introduced a number of intrusion detection systems in the past. Even so, no system has detected all kinds of attacks and achieved better detection accuracy. Most intrusion detection systems use data mining techniques such as clustering, outlier detection, classification, and classification through learning techniques. Most researchers have applied soft computing techniques to make effective decisions over the network dataset and enhance the detection accuracy of Intrusion Detection Systems. A few researchers have also applied artificial intelligence techniques along with data mining algorithms to make dynamic decisions. This paper discusses a number of intrusion detection systems that have been proposed for providing network security. Finally, a comparative analysis is made between the existing systems, and some new ideas are suggested for enhancing the performance of the existing systems.


Author(s):  
Riyad A. M. ◽  
M. S. Irfan Ahmed ◽  
R. L. Raheemaa Khan

Intrusion detection systems are used to monitor network data, analyze it and find intrusions, if any. The major issues with these systems are the time taken for analysis, the transfer of bulk data from one part of the network to another, high false positives and adaptability to future threats. These issues are addressed here by devising a framework for intrusion detection. Here, various types of co-operating agents are distributed in the network for monitoring, analyzing, detecting and reporting. Analysis and detection agents are mobile agents, which are the primary detection modules for detecting intrusions. Their mobility eliminates the transfer of bulk data for processing. An algorithm named territory is proposed to avoid interference of one analysis agent with another. A communication layout of the analysis and detection module with the other modules is depicted. The inter-agent communication reduces the false positives significantly. It also facilitates the identification of distributed types of attacks. The co-ordinator agents log various events and summarize the activities in their network. They also communicate with the co-ordinator agents of other networks. The system is highly scalable, by increasing the number of the various agents if needed. Centralized processing is avoided here to evade a single point of failure. We created a prototype, and the experiments done gave very promising results showing the effectiveness of the system.


Author(s):  
Rosalind Deena Kumari ◽  
G. Radhamani

The recent tremendous increase in the malicious usage of the network has made it necessary that an IDS should encapsulate the entire network rather than a single system. This was the inspiration for the birth of the distributed intrusion detection system (DIDS). Different configurations of DIDSs have been actively used and are also rapidly evolving due to the changes in the types of threats. This chapter will give the readers an overview of DIDS and the system architecture. It also highlights the various agents that are involved in a DIDS and the benefits of the system. Finally, directions for future research work are discussed.


2015 ◽  
Vol 2015 ◽  
pp. 1-14 ◽  
Author(s):  
Wathiq Laftah Al-Yaseen ◽  
Zulaiha Ali Othman ◽  
Mohd Zakree Ahmad Nazri

Presently, the processing time and performance of intrusion detection systems are of great importance due to the increased speed of traffic data networks and a growing number of attacks on networks and computers. Several approaches have been proposed to address this issue, including hybridizing with several algorithms. However, this paper aims at proposing a hybrid of modified K-means with C4.5 intrusion detection system in a multiagent system (MAS-IDS). The MAS-IDS consists of three agents, namely, the coordinator, analysis, and communication agent. The basic concept underpinning the utilized MAS is dividing the large captured network dataset into a number of subsets and distributing these to a number of agents depending on the data network size and core CPU availability. The KDD Cup 1999 dataset is used for evaluation. The proposed hybrid modified K-means with C4.5 classification in MAS is developed in the JADE platform. The results show that, compared to the current methods, the MAS-IDS reduces the IDS processing time by up to 70%, while improving the detection accuracy.


The digitization of information in all spheres of human activity and the use of technological innovations are the basic cause of the emergence of all the threats and attacks that accompany modern technologies, and of the continuous growth in the complexity of security software and hardware. Protection against these attacks and threats can be viewed from different directions in information and communication technologies. Computer security is defined as the protection of computer systems against threats to confidentiality, integrity and availability. Penetration is defined as a set of actions to compromise the integrity, confidentiality, or availability of resources. A system that monitors the events that occur in computer systems or networks is called an intrusion detection system (IDS). This paper presents mobile agent based technologies as a tool in IDS systems, together with their advantages and disadvantages.

