Agent-based Distributed Cooperative Intrusion Detection System

Author

Zhao-wen, LIN ; Xing-Tian, REN ; Yan, Ma

Author_Institution

BUPT Beijing Univ. of Posts & Telecommun., Beijing

fYear

2007

fDate

22-24 Aug. 2007

Firstpage

17

Lastpage

22

Abstract

Most of intrusion detection systems nowadays are not really distributed systems which cannot detect the distributed or cooperative attacks effectively. In this paper, an agent-based distributed cooperative model (ADCM) is proposed, which implements cooperative intrusion detection through efficient, normative event messages exchange among logic detection domains (LDD). Some specific detection agents are also presented which are independent separately, while they can communicate and cooperate with one another to take actions. The ADCM improves the ability of error tolerance and cooperation without degradation of efficiency. Prototype of a distributed intrusion detection system based on ADCM and the extended intrusion detection message exchange format is completed, which proves to be powerful as expected in detecting intrusions.

Keywords

multi-agent systems; security of data; telecommunication security; agent-based distributed cooperative model; intrusion detection; logic detection domains; Autonomous agents; Computer science; Data analysis; Degradation; Educational institutions; Event detection; Intrusion detection; Logic; Protocols; Prototypes; Agent; Cooperative Model; Distributed Attack; Intrusion Detection;

fLanguage

English

Publisher

ieee

Conference_Titel

Communications and Networking in China, 2007. CHINACOM '07. Second International Conference on

Conference_Location

Shanghai

Print_ISBN

978-1-4244-1009-5

Electronic_ISBN

978-1-4244-1009-5

Type

conf

DOI

10.1109/CHINACOM.2007.4469318

Filename

4469318