Multiagent Systems for Network Intrusion Detection: A Review

  • Álvaro Herrero
  • Emilio Corchado
Conference paper
Part of the Advances in Intelligent and Soft Computing book series (AINSC, volume 63)


More and more, Intrusion Detection Systems (IDSs) are seen as an important component in comprehensive security solutions. Thus, IDSs are common elements in modern infrastructures to enforce network policies. So far, plenty of techniques have been applied for the detection of intrusions, which has been reported in many surveys. This work focuses the development of network-based IDSs from an architectural point of view, in which multiagent systems are applied for the development of IDSs, presenting an up-to-date revision of the state of the art.


Multiagent Systems Distributed Artificial Intelligence Computer Network Security Intrusion Detection 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Chuvakin, A.: Monitoring IDS. Information Security Journal: A Global Perspective 12(6), 12–16 (2004)CrossRefGoogle Scholar
  2. 2.
    Frank, J.: Artificial Intelligence and Intrusion Detection: Current and Future Directions. In: 17th National Computer Security Conf., Baltimore, MD, vol. 10 (1994)Google Scholar
  3. 3.
    Mukherjee, B., Heberlein, L.T., Levitt, K.N.: Network Intrusion Detection. IEEE Network 8(3), 26–41 (1994)CrossRefGoogle Scholar
  4. 4.
    Engelhardt, D.: Directions for Intrusion Detection and Response: a Survey. Electronics and Surveillance Research Laboratory, Defence Science and Technology Organisation, Department of Defence, Australian Government (1997)Google Scholar
  5. 5.
    Jones, A., Sielken, R.: Computer System Intrusion Detection: A Survey. White paper. University of Virginia - Computer Science Department (1999)Google Scholar
  6. 6.
    Debar, H., Dacier, M., Wespi, A.: Towards a Taxonomy of Intrusion-Detection Systems. Computer Networks - the International Journal of Computer and Telecommunications Networking 31(8), 805–822 (1999)Google Scholar
  7. 7.
    Axelsson, S.: Intrusion Detection Systems: A Survey and Taxonomy. Technical Report. Chalmers University of Technology. Department of Computer Engineering (2000)Google Scholar
  8. 8.
    Allen, J., Christie, A., Fithen, W., McHugh, J., Pickel, J., Stoner, E.: State of the Practice of Intrusion Detection Technologies. Technical Report CMU/SEI-99-TR-028. Carnegie Mellon University - Software Engineering Institute (2000)Google Scholar
  9. 9.
    McHugh, J.: Intrusion and Intrusion Detection. International Journal of Information Security 1(1), 14–35 (2001)zbMATHGoogle Scholar
  10. 10.
    Verwoerd, T., Hunt, R.: Intrusion Detection Techniques and Approaches. Computer Communications 25(15), 1356–1365 (2002)CrossRefGoogle Scholar
  11. 11.
    Mukkamala, S., Sung, A.H.: A Comparative Study of Techniques for Intrusion Detection. In: 15th IEEE International Conference on Tools with Artificial Intelligence, pp. 570–577 (2003)Google Scholar
  12. 12.
    Estevez-Tapiador, J.M., Garcia-Teodoro, P., Diaz-Verdejo, J.E.: Anomaly Detection Methods in Wired Networks: a Survey and Taxonomy. Computer Communications 27(16), 1569–1584 (2004)CrossRefGoogle Scholar
  13. 13.
    Lazarevic, A., Kumar, V., Srivastava, J.: Intrusion Detection: a Survey. In: Managing Cyber Threats: Issues, Approaches, and Challenges 5. Massive Computing, pp. 19–78. Springer, US (2005)Google Scholar
  14. 14.
    Patcha, A., Park, J.-M.: An Overview of Anomaly Detection Techniques: Existing Solutions and Latest Technological Trends. Computer Networks 51(12), 3448–3470 (2007)CrossRefGoogle Scholar
  15. 15.
    García-Teodoro, P., Díaz-Verdejo, J., Maciá-Fernández, G., Vázquez, E.: Anomaly-based Network Intrusion Detection: Techniques, Systems and Challenges. Computers & Security 28(1-2), 18–28 (2009)CrossRefGoogle Scholar
  16. 16.
    Wooldridge, M., Jennings, N.R.: Agent theories, architectures, and languages: A survey. Intelligent Agents (1995)Google Scholar
  17. 17.
    Franklin, S., Graesser, A.: Is It an Agent, or Just a Program? A Taxonomy for Autonomous Agents. In: Jennings, N.R., Wooldridge, M.J., Müller, J.P. (eds.) ECAI-WS 1996 and ATAL 1996. LNCS, vol. 1193, pp. 21–35. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  18. 18.
    Russell, S.J., Norvig, P.: Artificial Intelligence: a Modern Approach. Prentice Hall, Englewood Cliffs (1995)zbMATHGoogle Scholar
  19. 19.
    Weiss, G.: Multiagent Systems: a Modern Approach to Distributed Artificial Intelligence. MIT Press, Cambridge (1999)Google Scholar
  20. 20.
    Ferber, J.: Multi-agent Systems: an Introduction to Distributed Artificial Intelligence. Addison-Wesley, Reading (1999)Google Scholar
  21. 21.
    Durfee, E.H., Lesser, V.R.: Negotiating Task Decomposition and Allocation Using Partial Global Planning. In: Distributed Artificial Intelligence, vol. 2. Morgan Kaufmann Publishers Inc., San Francisco (1989)Google Scholar
  22. 22.
    Jennings, N.R., Sycara, K., Wooldridge, M.: A Roadmap of Agent Research and Development. Autonomous Agents and Multi-Agent Systems 1(1), 7–38 (1998)CrossRefGoogle Scholar
  23. 23.
    Wooldridge, M.: Agent-based Computing. Interoperable Communication Networks 1(1), 71–97 (1998)Google Scholar
  24. 24.
    Stolfo, S., Prodromidis, A.L., Tselepis, S., Lee, W., Fan, D.W., Chan, P.K.: JAM: Java Agents for Meta-Learning over Distributed Databases. In: Third International Conference on Knowledge Discovery and Data Mining, pp. 74–81 (1997)Google Scholar
  25. 25.
    Reilly, M., Stillman, M.: Open Infrastructure for Scalable Intrusion Detection. In: IEEE Information Technology Conference, pp. 129–133 (1998)Google Scholar
  26. 26.
    Spafford, E.H., Zamboni, D.: Intrusion Detection Using Autonomous Agents. Computer Networks: The International Journal of Computer and Telecommunications Networking 34(4), 547–570 (2000)Google Scholar
  27. 27.
    Hegazy, I.M., Al-Arif, T., Fayed, Z.T., Faheem, H.M.: A Multi-agent Based System for Intrusion Detection. IEEE Potentials 22(4), 28–31 (2003)CrossRefGoogle Scholar
  28. 28.
    Gorodetski, V., Kotenko, I., Karsaev, O.: Multi-Agent Technologies for Computer Network Security: Attack Simulation, Intrusion Detection and Intrusion Detection Learning. Computer Systems Science and Engineering 18(4), 191–200 (2003)Google Scholar
  29. 29.
    Miller, P., Inoue, A.: Collaborative Intrusion Detection System. In: 22nd International Conference of the North American Fuzzy Information Processing Society (NAFIPS 2003), pp. 519–524 (2003)Google Scholar
  30. 30.
    Gorodetsky, V., Karsaev, O., Samoilov, V., Ulanov, A.: Asynchronous alert correlation in multi-agent intrusion detection systems. In: Gorodetsky, V., Kotenko, I., Skormin, V.A. (eds.) MMM-ACNS 2005. LNCS, vol. 3685, pp. 366–379. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  31. 31.
    Dasgupta, D., Gonzalez, F., Yallapu, K., Gomez, J., Yarramsettii, R.: CIDS: An agent-based intrusion detection system. Computers & Security 24(5), 387–398 (2005)CrossRefGoogle Scholar
  32. 32.
    Cougaar: Cognitive Agent Architecture,
  33. 33.
    Debar, H., Curry, D., Feinstein, B.: The Intrusion Detection Message Exchange Format (IDMEF). IETF RFC 4765 (2007)Google Scholar
  34. 34.
    Gowadia, V., Farkas, C., Valtorta, M.: PAID: A Probabilistic Agent-Based Intrusion Detection system. Computers & Security 24(7), 529–545 (2005)CrossRefGoogle Scholar
  35. 35.
    Tsang, C.-H., Kwong, S.: Multi-agent Intrusion Detection System in Industrial Network using Ant Colony Clustering Approach and Unsupervised Feature Extraction. In: IEEE International Conference on Industrial Technology (ICIT 2005), pp. 51–56 (2005)Google Scholar
  36. 36.
    Mukkamala, S., Sung, A.H., Abraham, A.: Hybrid Multi-agent Framework for Detection of Stealthy Probes. Applied Soft Computing 7(3), 631–641 (2007)CrossRefGoogle Scholar
  37. 37.
    Herrero, Á., Corchado, E., Pellicer, M.A., Abraham, A.: MOVIH-IDS: A Mobile-Visualization Hybrid Intrusion Detection System. Neurocomputing 72(13-15), 2775–2784 (2009)CrossRefGoogle Scholar
  38. 38.
    Corchado, J.M., Laza, R.: Constructing Deliberative Agents with Case-Based Reasoning Technology. International Journal of Intelligent Systems 18(12), 1227–1241 (2003)CrossRefGoogle Scholar
  39. 39.
    Pellicer, M.A., Corchado, J.M.: Development of CBR-BDI Agents. International Journal of Computer Science and Applications 2(1), 25–32 (2005)Google Scholar
  40. 40.
    Aamodt, A., Plaza, E.: Case-Based Reasoning - Foundational Issues, Methodological Variations, and System Approaches. AI Communications 7(1), 39–59 (1994)Google Scholar
  41. 41.
    Jansen, W.A., Karygiannis, T., Marks, D.G.: Applying Mobile Agents to Intrusion Detection and Response. US Department of Commerce, Technology Administration, National Institute of Standards and Technology (1999)Google Scholar
  42. 42.
    Asaka, M., Taguchi, A., Goto, S.: The Implementation of IDA: An Intrusion Detection Agent System. In: 11th Annual Computer Security Incident Handling Conference, vol. 6 (1999)Google Scholar
  43. 43.
    De Queiroz, J.D., da Costa Carmo, L.F.R., Pirmez, L.: Micael: An Autonomous Mobile Agent System to Protect New Generation Networked Applications. In: Second International Workshop on Recent Advances in Intrusion Detection, RAID 1999 (1999)Google Scholar
  44. 44.
    Mell, P., Marks, D., McLarnon, M.: A Denial-of-service Resistant Intrusion Detection Architecture. Computer Networks: The International Journal of Computer and Telecommunications Networking 34(4), 641–658 (2000)Google Scholar
  45. 45.
    Krügel, C., Toth, T., Kirda, E.: SPARTA: a Mobile Agent Based Instrusion Detection System. In: IFIP TC11 WG11.4 First Annual Working Conference on Network Security: Advances in Network and Distributed Systems Security. IFIP Conference Proceedings, vol. 206, pp. 187–200. Kluwer, Dordrecht (2001)Google Scholar
  46. 46.
    Dasgupta, D., Brian, H.: Mobile Security Agents for Network Traffic Analysis. In: DARPA Information Survivability Conference & Exposition II (DISCEX 2001), vol. 2, pp. 332–340 (2001)Google Scholar
  47. 47.
    Helmer, G., Wong, J.S.K., Honavar, V.G., Miller, L.: Automated Discovery of Concise Predictive Rules for Intrusion Detection. Journal of Systems and Software 60(3), 165–175 (2002)CrossRefGoogle Scholar
  48. 48.
    Helmer, G., Wong, J.S.K., Honavar, V., Miller, L., Wang, Y.: Lightweight Agents for Intrusion Detection. Journal of Systems and Software 67(2), 109–122 (2003)CrossRefGoogle Scholar
  49. 49.
    Li, C., Song, Q., Zhang, C.: MA-IDS Architecture for Distributed Intrusion Detection using Mobile Agents. In: 2nd International Conference on Information Technology for Application (ICITA 2004), pp. 451–455 (2004)Google Scholar
  50. 50.
    Marks, D.G., Mell, P., Stinson, M.: Optimizing the Scalability of Network Intrusion Detection Systems Using Mobile Agents. Journal of Network and Systems Management 12(1), 95–110 (2004)CrossRefGoogle Scholar
  51. 51.
    Deeter, K., Singh, K., Wilson, S., Filipozzi, L., Vuong, S.T.: APHIDS: A mobile agent-based programmable hybrid intrusion detection system. In: Karmouch, A., Korba, L., Madeira, E.R.M. (eds.) MATA 2004. LNCS, vol. 3284, pp. 244–253. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  52. 52.
    Alam, M.S., Gupta, A., Wires, J., Vuong, S.T.: APHIDS++: Evolution of A programmable hybrid intrusion detection system. In: Magedanz, T., Karmouch, A., Pierre, S., Venieris, I.S. (eds.) MATA 2005. LNCS, vol. 3744, pp. 22–31. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  53. 53.
    Kolaczek, G., Pieczynska-Kuchtiak, A., Juszczyszyn, K., Grzech, A., Katarzyniak, R.P., Nguyen, N.T.: A mobile agent approach to intrusion detection in network systems. In: Khosla, R., Howlett, R.J., Jain, L.C. (eds.) KES 2005. LNCS (LNAI), vol. 3682, pp. 514–519. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  54. 54.
    Foukia, N.: IDReAM: Intrusion Detection and Response Executed with Agent Mobility Architecture and Implementation. In: Fourth International Joint Conference on Autonomous Agents and Multiagent Systems (AAMAS 2005). ACM, The Netherlands (2005)Google Scholar
  55. 55.
    Alim, A.S.A., Ismail, A.S., Ahmed, S.H.: IDSUDA: An Intrusion Detection System Using Distributed Agents. Journal of Computer Networks and Internet Research 5(1), 1–11 (2005)Google Scholar
  56. 56.
    Wang, H.Q., Wang, Z.Q., Zhao, Q., Wang, G.F., Zheng, R.J., Liu, D.X.: Mobile agents for network intrusion resistance. In: Shen, H.T., Li, J., Li, M., Ni, J., Wang, W. (eds.) APWeb Workshops 2006. LNCS, vol. 3842, pp. 965–970. Springer, Heidelberg (2006)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Álvaro Herrero
    • 1
  • Emilio Corchado
    • 1
  1. 1.Department of Civil EngineeringUniversity of BurgosBurgosSpain

Personalised recommendations