Skip to main content
SpringerLink
Log in

Adaptive Agents Applied to Intrusion Detection

  • Conference paper
  • First Online:
Multi-Agent Systems and Applications III (CEEMAS 2003)

Part of the book series: Lecture Notes in Computer Science ((LNAI,volume 2691))

Abstract

This paper proposes a system of agents that make predictions over the presence of intrusions. Some of the agents act as predictors implementing a given Intrusion Detection model, sniffing out the same traffic. An assessment agent weights the forecasts of such predictor agents, giving a final binary conclusion using a probabilistic model. These weights are continuously adapted according to the previous performance of each predictor agent. Other agent establishes if the prediction from the assessor agent was right or not, sending him back the results. This process is continually repeated and runs without human interaction. The effectiveness of our proposal is measured with the usual method applied in Intrusion Detection domain: Receiver Operating Characteristic curves (detection rate versus false alarm rate). Results of the adaptive agents applied to intrusion detection improve ROC curves as it is shown in this paper.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Balasubramaniyan, J. S., Garcia J.O., Isacoff D., Spafford E., Zamboni D.,: An Architecture for Intrusion Detection using Autonomous Agents. Procs. of the 14th Annual Computer Security Applications Conf., pp. 13–24. IEEE Computer Society, December 1998.

    Google Scholar 

  2. Vigna G., Cassell B., Fayram D.,: An Intrusion Detection System for Aglets. 6th Int. Conf. on Mobile Agents, Barcelona, Spain, October 2002.

    Google Scholar 

  3. Carver C., Hill J., Surdu J., Pooch U.,: A methodology for using Intelligent Agents to provide Automated Intrusion Response. Procs. of the IEEE Systems, Man, and Cybernetics Information Assurance and SecurityWorkshop, West Point, NY, June 6–7, 2000.

    Google Scholar 

  4. Dasgupta, D., Brian H.,: Mobile Security Agents for Network Traffic Analysis. Procs. DARPA Information Survivability Conf. adn Exposition II, IEEE Society Press, Anaheim, California, June 2001.

    Google Scholar 

  5. Crosbie, M., Spafford G.,: Active Defense of a Computer System using Autonomous Agents. Technical Report No. 95-008, Purdue University, U. S., June 1995.

    Google Scholar 

  6. Orfila A., Carbo J., Ribagorda A.: Fuzzy logic on Decision Model for IDS. Procs. IEEE Int. Conf. on Fuzzy Systems, St. Louis, May 2003.

    Google Scholar 

  7. Baldwin, J. F.,: A calculus for mass assignment in evidential reasoning. Advances in Dempster-Shafer Theory of Evidence, M. Fedrizzi, J. Kacprzyk, R. R. Yager, eds., John Wiley, 1992.

    Google Scholar 

  8. Carbo, J., Molina J.M., Davila, J.,: Trust management through fuzzy reputation. Accepted for Int. Journal of Cooperative Information Systems, to appear.

    Google Scholar 

  9. Carbo, J., Molina J.M., Davila J.,: A fuzzy model of reputation in multiagent system. Procs. 5th Int. Conf. on Autonomous Agents, Montreal, June 2001.

    Google Scholar 

  10. Smith R.G., David R.,: Frameworks for cooperation in distributed problem solving. IEEE Trans. On Systems, Man and Cybernetics, vol. 11, number 1, pp.61–70, June 1995.

    Article  Google Scholar 

  11. Maes, P.,: Agents that reduce work and information overload. Communications of the ACM, vol. 37, number 7, pp. 31–40, 1994.

    Article  Google Scholar 

  12. Rao, A. S., George., M.P.,: BDI-agents from theory to practice. Procs. 1st Int. Conf. on Multiagent Systems (ICMAS’95), San Francisco, June 1995.

    Google Scholar 

  13. Finin, T., McKay R., Fritzson, R., McEntire R.,: KQML: an information and knowledge exchange protocol. Procs. Int. Conf. on Building and Sharing of Very Large-Scale Knowledge Bases, December 1993.

    Google Scholar 

  14. Axelsson, S.,: Intrusion-detection systems: A taxonomy and survey. Technical Report 99-15, Department of Computer Engineering, Chalmers University of Technology,SE-41296, Goteborg, Sweden, March 2000.

    Google Scholar 

  15. Axelsson, S.,: The base rate fallacy and its implications for the difficulty of intrusion detection. In 6th ACM conference on computer and communications security. Kent Ridge Digital Labs, Singapore, 1–4 November 1999, pp. 1–7

    Google Scholar 

  16. Lippman, R.P., Fried, D. J., Graf, I., Haines, J. W., Kendall, K. R., McClung, D., Weber, D., Webster, S.E., Wyshhogrod, D., Cunningham, R.K, Zissman, M.A.: Evaluating Intrusion detection systems: the 1998 DARPA O.-line Intrusion Detection Evaluation. Proceedings of the 2000 DARPA information survivality Conference and Exposition (DISCEX), Vol.2, IEEE Press, January 2000

    Google Scholar 

  17. Durst, R., Champion, T., Witten, B., Miller, E., Spagnolo, L.: Testing and evaluating computer intrusion detection systems. Communications of the ACM, 42(7), 1999, pp.53–61

    Article  Google Scholar 

  18. Gomez, J., Dasgupta, D.: Evolving Fuzzy Classifiers for Intrusion Detection. Proceedings of the 2002 IEEE. Workshop on Information Assurance. United States Military Academy, West Point, NY June 2001

    Google Scholar 

  19. Swets, J.A: The Relative Operating Characteristic in Psychology. Science, 182,1973,pp. 990–1000

    Article  Google Scholar 

  20. Egan, J.P: Signal detection theory and ROC-analysis. Academic Press, 1975

    Google Scholar 

  21. Martin, A., Doddington, G., Kamm, T., Ordowski, M., Przybocki, M.: The DET Curve in Assessment of Detection Task Performance. Proceedings EuroSpeech 4. 1998, pp. 1895–1898.

    Google Scholar 

  22. Lippmann, R.P., Shahian, D.M.:Coronary Artery Bypass Risk Prediction Using Neural Networks. Annals of Thoracic Surgery, 63. 1997. pp. 1635–1643.

    Article  Google Scholar 

  23. Stanski, H.R., Wilson, L. J., Burrows, W.R. Survey of common verification methods in meteorology. World Weather Report No. 8. World Meteorological Organization. Geneva.

    Google Scholar 

  24. Palmer, T.N., Brankovic, C., and Richardson, D. S. A Probability and Decision-Model Analysis of PROVOSTS easonal Ensemble Integrations. Research Department. Technical Memorandum No.265. Nov 1998.

    Google Scholar 

  25. Murphy, A.H. A new vector partition of the probability score. J. Appl. Meteor. 1973.

    Google Scholar 

  26. Katz, R.W., Murphy, A.H. Forecast value: prototype decision-making models. In Economic value of weather and climate forecasts. Eds. Cambridge University Press. 1997.

    Google Scholar 

  27. Wenke, L., Wei, F., Miller, M., Stolfo. S., Zadok, E. Toward Cost-Sensitive Modeling for Intrusion Detection and Response. North Carolina State University. Computer Science

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Computer Science Department, Carlos III University of Madrid, 28911, Madrid, Leganés, Spain

    Javier Carbó, Agustín Orfila & Arturo Ribagorda

Authors
  1. Javier Carbó
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Agustín Orfila
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Arturo Ribagorda
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Faculty of Electrical Engineering, Dept. of Cybernetics, Czech Technical University, 16627, Praha 6, Czech Republic

    Vladimír Mařík  & Michal Pěchouček  & 

  2. Siemens AG, CT, IC 6, Otto-Hahn-Ring 6, 81730, München, Germany

    Jörg Müller

Rights and permissions

Reprints and permissions

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Carbó, J., Orfila, A., Ribagorda, A. (2003). Adaptive Agents Applied to Intrusion Detection. In: Mařík, V., Pěchouček, M., Müller, J. (eds) Multi-Agent Systems and Applications III. CEEMAS 2003. Lecture Notes in Computer Science(), vol 2691. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45023-8_43

Download citation

  • DOI: https://doi.org/10.1007/3-540-45023-8_43

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-40450-7

  • Online ISBN: 978-3-540-45023-8

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation