Abstract
Advances in technology have brought increasingly sophisticated intrusions. Consequently, Intrusion Detection Systems (IDS) are quickly becoming a standard requirement when building a network security infrastructure. Most existing IDS are centralized and suffer from a number of drawbacks, e.g., high rates of false positives, low efficiency, etc., especially when they face distributed attacks. This paper introduces a novel hybrid multi-agent IDS, called OCMAS-IDS, based on the intelligent combination of a clustering technique and an ontology model. OCMAS-IDS integrates the desirable features of the multi-agent methodology with the benefits of semantic relations and the high accuracy of the data mining technique. Experiments carried out showed the efficiency of our distributed IDS, which sharply outperforms other systems over real traffic and a set of simulated attacks.
© 2015 IFIP International Federation for Information Processing
About this paper
Cite this paper
Brahmi, I., Brahmi, H., Yahia, S.B. (2015). A Multi-agents Intrusion Detection System Using Ontology and Clustering Techniques. In: Amine, A., Bellatreche, L., Elberrichi, Z., Neuhold, E., Wrembel, R. (eds) Computer Science and Its Applications. CIIA 2015. IFIP Advances in Information and Communication Technology, vol 456. Springer, Cham. https://doi.org/10.1007/978-3-319-19578-0_31
DOI: https://doi.org/10.1007/978-3-319-19578-0_31
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-19577-3
Online ISBN: 978-3-319-19578-0