Title :
A Multi-agent-based Approach to Improve Intrusion Detection Systems False Alarm Ratio by Using Honeypot
Author :
Khosravifar, Babak ; Gomrokchi, Maziar ; Bentahar, Jamal
Author_Institution :
Dept. Comp. Eng., Concordia Univ., Montreal, QC
Abstract :
In this paper we propose a new architecture, which is composed of distributed cooperative agents to reduce the false alarm ratio of the intrusion detection systems (IDS) in a twofold contribution. The first contribution lies in reducing the false alarm rate of the attack detection in an agent-based architecture by using honeypot network as the closer level of investigation. The connection is retrieved to the original destination in case of false alarm recognition, while the actions are hidden to the user. Such a scheme significantly decreases the alarm rate and provides a higher performance of IDS. The second contribution applies the game theoretic analysis in the sense that the contributing agents are led to perform the best they could in order to achieve their goals. The Shaply value is computed to find the actual contribution of each agent in the coalition he belongs to. The equilibrium point is found and consequently the winner coalition is formed. In this paper the architecture of the proposed system is described, a theoretical analysis of agents´ behavior is given and its possible extensions are explained.
Keywords :
game theory; multi-agent systems; security of data; attack detection; distributed cooperative agents; false alarm ratio; false alarm recognition; game theoretic analysis; honeypot network; intrusion detection systems; multiagent based approach; Computer architecture; Game theory; Intelligent agent; Intrusion detection; Multiagent systems; Performance analysis; Real time systems; Scalability;
Conference_Titel :
Advanced Information Networking and Applications Workshops, 2009. WAINA '09. International Conference on
Conference_Location :
Bradford
Print_ISBN :
978-1-4244-3999-7
Electronic_ISBN :
978-0-7695-3639-2
DOI :
10.1109/WAINA.2009.103
