Assessing the Uncertainty of Communication Patterns in Distributed Intrusion Detection System

  • Krzysztof Juszczyszyn
  • Grzegorz Kołaczek
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4252)


A paper proposes a formal framework for communication patterns’ uncertainty assessment within a distributed multiagent IDS architecture. The role of the detection of communication anomalies in IDS is discussed then it is shown how sequences of detectable patterns like fan-in, fan-out values for given network node and clustering coefficients can be used to detect network anomalies caused by security incidents (worm attack, virus spreading). It is defined how to use the proposed techniques in distributed IDS and backtrack the incidents.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Allmanz, M., et al.: A First Look at Modern Enterprise Traffic. In: Proc. Internet Measurement Conference, pp. 217–231 (October 2005)Google Scholar
  2. 2.
    Boykin, O., Roychowdhury, V.: Personal Email Networks: An Effective Anti-Spam Tool. IEEE Computer 38(4), 61–68 (2005)MathSciNetGoogle Scholar
  3. 3.
    Faloutsos, M., Faloutsos, P., Faloutsos, C.: On power-law relationships of the Internet topology. In: Proc. ACM SIGCOMM 1999 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication, pp. 251–262 (August 1999)Google Scholar
  4. 4.
    Gorodetski, V., Karsaev, O., Khabalov, A., Kotenko, I., Popyack, L., Skormin, V.: Agent-Based Model of Computer Network Security System: A Case Study. In: Gorodetski, V.I., Skormin, V.A., Popyack, L.J. (eds.) MMM-ACNS 2001. LNCS, vol. 2052, pp. 39–50. Springer, Heidelberg (2001)Google Scholar
  5. 5.
    Jøsang, A.: A Logic for Uncertain Probabilities. International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems 9(3), 279–311 (2001)MathSciNetGoogle Scholar
  6. 6.
    Jøsang, A.: A Metric for Trusted Systems. In: Proceedings of the 21st National Security Conference, NSA, pp. 68–77 (1998)Google Scholar
  7. 7.
    Juszczyszyn, K., Nguyen, N.T., Kolaczek, G., Grzech, A., Pieczynska, A., Katarzyniak, R.: Agent-Based Approach for Distributed Intrusion Detection System Design. In: Alexandrov, V.N., van Albada, G.D., Sloot, P.M.A., Dongarra, J. (eds.) ICCS 2006. LNCS, vol. 3993, pp. 224–231. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  8. 8.
    Kolaczek, G., Kuchtiak-Pieczynska, A., Juszczyszyn, K., Grzech, A., Katarzynak, R., Nguyen, N.T.: A Mobile Agent Approach to Intrusion Detection in Network Systems. In: Khosla, R., Howlett, R.J., Jain, L.C. (eds.) KES 2005. LNCS (LNAI), vol. 3682, pp. 514–519. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  9. 9.
    Kohler, E., Liy, J., Paxson, V., Shenker, S.: Observed Structure of Addresses in IP Traffic. In: Proc. SIGCOMM Internet Measurement Workshop, pp. 253–266 (November 2002)Google Scholar
  10. 10.
    Kotenko, I., et al.: Multi-Agent Modeling and Simulation of Distributed Denial-of-Service Attacks on Computer Networks. In: Proceedings of Third International Conference Navy and Shipbuilding Nowaday, St. Petersburg, pp. 38–47 (2003)Google Scholar
  11. 11.
    Nicol, D., Liljenstam, M., Liu, J.: Multiscale Modeling and Simulation of Worm Effects on the Internet Routing Infrastructure. In: Proc. Performance Tools Conference, pp. 1–10 (2003)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Krzysztof Juszczyszyn
    • 1
  • Grzegorz Kołaczek
    • 1
  1. 1.Institute of Information Science and EngineeringWroclaw University of TechnologyWroclawPoland

Personalised recommendations