Title :
Evaluating how well agent-based IDS perform
Author :
Hegazy, Islam M. ; Faheem, Hossam M. ; Al-Arif, Taha ; Ahmed, Tawfik
Author_Institution :
Fac. of Comput. & Inf. Sci., Ain Shams Univ., Cairo, Egypt
Abstract :
Intelligent agents - as a modern artificial intelligence concept - are now widely deployed in various software systems. The agent can be defined as a software entity which functions continuously and autonomously in a particular environment, able to carry out activities in a flexible and intelligent manner that is responsive to changes in the environment, and able to learn from its experience. An intrusion detection system can be decomposed into steps where an agent can perform a single or more step. But performance evaluation techniques of their use are still in the early stage. This infancy status holds especially true for agents used in intrusion detection systems (IDS) since they are new to this field. We believe that the two most important factors to measure for a given IDS are the risk time and the detection time. The risk time is the time at which the computer could be under risk of attack since the intrusion is not discovered yet. The smaller the detection time is the smaller the risk time. Thus, as a step towards a complete evaluation strategy, a simple IDS with agents was tested.
Keywords :
multi-agent systems; performance evaluation; security of data; software agents; agent-based IDS performance evaluation; artificial intelligence; detection time; intelligent agents; intrusion detection system; risk time; software agents; Computer crime; Intrusion detection; Libraries; Monitoring; Network servers; Performance evaluation; Risk analysis; Switches; Telecommunication traffic; Web server;
Journal_Title :
Potentials, IEEE
DOI :
10.1109/MP.2005.1462463
