CAMNEP: Agent-Based Network Intrusion Detection System (Short Paper)
Abstract
We present a prototype of an agent-based intrusion detection system designed for deployment on high-speed backbone networks. The main contribution of the system is the integration of several anomaly detection techniques by means of collective trust modeling within a group of collaborative detection agents, each featuring a specific detection algorithm. The anomalies are used as an input for the trust modeling. In this stage, each agent determines the flow trustfulness from aggregated anomalies. The aggregation is performed by extended trust models that model the trustfulness of generalized situated identities, represented by a set of observable features. The system is based on traffic statistics in NetFlow format acquired by dedicated hardware-accelerated network cards, and is able to perform real-time surveillance of gigabit networks.
Similar resources
CAMNEP: An intrusion detection system for high-speed networks
The presented research aims to detect malicious traffic in high-speed networks by means of correlated anomaly detection methods. In order to acquire the real-time traffic statistics in NetFlow format, we deploy transparent inline probes based on FPGA elements. They provide traffic statistics to the agent-based detection layer, where each agent uses a specific anomaly detection method to detect ...
Assessment Methodology for Anomaly-Based Intrusion Detection in Cloud Computing
Cloud computing has become an attractive target for attackers as the mainstream technologies in the cloud, such as the virtualization and multitenancy, permit multiple users to utilize the same physical resource, thereby posing the so-called problem of internal facing security. Moreover, the traditional network-based intrusion detection systems (IDSs) are ineffective to be deployed in the cloud...
A Hybrid Framework for Building an Efficient Incremental Intrusion Detection System
In this paper, a boosting-based incremental hybrid intrusion detection system is introduced. This system combines incremental misuse detection and incremental anomaly detection. We use boosting ensemble of weak classifiers to implement misuse intrusion detection system. It can identify new classes types of intrusions that do not exist in the training dataset for incremental misuse detection. As...
Agent Based Intrusion Detection with Fuzzy Logic
In this paper we propose a framework for intrusion detection called Fuzzy Agent-Based Intrusion Detection. A unique feature of our model is that the agents use the fuzzy logic to process log files. This reduces the overhead in a distributed intrusion detection system. We have developed an agent communication architecture that provides a prototype implementation. Key-Words: intrusion detection, ...
Agent Based Distributed Intrusion Detection System (ABDIDS)
This paper introduces (ABDIDS), a simple pattern attack ontology that allows agent based intrusion detection system to detect network traffic anomalies at a higher level more than most current intrusion detection systems do. The cooperative agent architecture has been presented. It has been shown how some attributes in network communication can be used to detect attacks. Finally, the benefits of...
Publication date: 2008