http://dx.doi.org/10.3745/JIPS.2010.6.4.481

Distributed and Scalable Intrusion Detection System Based on Agents and Intelligent Techniques  

El-Semary, Aly M. (Dept. of Systems and Computer Engineering, Faculty of Engineering, Al-Azhar University)
Mostafa, Mostafa Gadal-Haqq M. (Dept. of Computer Science, Faculty of Computer and Information Science, Ain Shams University)
Publication Information
Journal of Information Processing Systems, v.6, no.4, 2010, pp. 481-500
Abstract
The explosive growth of the Internet and the increase in critical web applications such as e-banking and e-commerce make network security tools essential. One such tool is the intrusion detection system, which can be classified by its detection approach as either signature-based or anomaly-based. Even though intrusion detection systems are well defined, their cooperation with each other to detect attacks still needs to be addressed. Consequently, a new architecture that allows them to cooperate in detecting attacks is proposed. The architecture uses software agents to provide scalability and distributability. It works in two modes: learning and detection. During learning mode, it generates a profile for each individual system using a fuzzy data mining algorithm. During detection mode, each system uses FuzzyJess to match network traffic against its profile. The architecture was tested against a standard data set produced by MIT's Lincoln Laboratory, and the preliminary results show its efficiency and its capability to detect attacks. Finally, two new methods, the memory-window and the memoryless-window, were developed for extracting useful parameters from raw packets. These parameters are used as detection metrics.
Keywords
Data-Mining; Fuzzy Logic; IDS; Intelligent Techniques; Network Security; Software Agents;