Intelligent architecture based on MAS and CBR for intrusion detection

Proceedings of the 4th Edition of National Security Days (JNS4) Pub Date : 2014-05-12 DOI:10.1109/JNS4.2014.6850123

Mohssine El Ajjouri, S. Benhadou, H. Medromi

{"title":"Intelligent architecture based on MAS and CBR for intrusion detection","authors":"Mohssine El Ajjouri, S. Benhadou, H. Medromi","doi":"10.1109/JNS4.2014.6850123","DOIUrl":null,"url":null,"abstract":"The agents used in the intrusion detection architectures have multiple characteristics namely delegation, cooperation and communication. However, an important property of agents: learning is not used. The concept of learning in existing IDSs used in general to learn the normal behavior of the system to secure. For this, normal profiles are built in a dedicated training phase, these profiles are then compared with the current activity. Thus, the IDS does not have the ability to detect new attacks. We propose in this paper, a new architecture based intrusion MAS adding a learning feature abnormal behaviors that correspond to new attack patterns detection. Thanks to this feature to update the knowledge base of attacks take place when a new plan of attack is discovered. To learn a new attack, the architecture must detect at first and then update the basic attack patterns. For the detection step, the detection approach adopted is based on the technique of Case-Based Reasoning (CBR). Thus, the proposed architecture is based on a hierarchical and distributed strategy where features are structured and separated into layers.","PeriodicalId":228109,"journal":{"name":"Proceedings of the 4th Edition of National Security Days (JNS4)","volume":"11 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-05-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 4th Edition of National Security Days (JNS4)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/JNS4.2014.6850123","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

Abstract

The agents used in the intrusion detection architectures have multiple characteristics namely delegation, cooperation and communication. However, an important property of agents: learning is not used. The concept of learning in existing IDSs used in general to learn the normal behavior of the system to secure. For this, normal profiles are built in a dedicated training phase, these profiles are then compared with the current activity. Thus, the IDS does not have the ability to detect new attacks. We propose in this paper, a new architecture based intrusion MAS adding a learning feature abnormal behaviors that correspond to new attack patterns detection. Thanks to this feature to update the knowledge base of attacks take place when a new plan of attack is discovered. To learn a new attack, the architecture must detect at first and then update the basic attack patterns. For the detection step, the detection approach adopted is based on the technique of Case-Based Reasoning (CBR). Thus, the proposed architecture is based on a hierarchical and distributed strategy where features are structured and separated into layers.

查看原文本刊更多论文

基于MAS和CBR的入侵检测智能体系结构

入侵检测体系结构中使用的代理具有委托、协作和通信等多重特征。然而，代理的一个重要属性:学习没有被使用。学习的概念在现有的ids中一般用于学习系统的正常行为以确保安全。为此，在专门的训练阶段构建正常的配置文件，然后将这些配置文件与当前活动进行比较。因此，IDS不具备检测新攻击的能力。在本文中，我们提出了一种基于入侵MAS的新架构，该架构增加了一种学习特征，即异常行为与新的攻击模式检测相对应。由于此功能，当发现新的攻击计划时，就会更新攻击知识库。为了学习新的攻击，体系结构必须首先检测并更新基本的攻击模式。在检测步骤中，采用基于案例推理(Case-Based Reasoning, CBR)的检测方法。因此，所提出的体系结构基于分层和分布式策略，其中特征被结构化并分离到层中。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 4th Edition of National Security Days (JNS4)

自引率

0.00%

发文量