{"title":"An agent based architecture using ontology for intrusion detection system","authors":"M. Bist, A. P. Panwar, Vishwas Kumar","doi":"10.1109/NGCT.2016.7877481","DOIUrl":null,"url":null,"abstract":"Intrusion Detection Systems is one of the most useful tools which are used nowadays to identify the attacks happening on the network. But the high false positive and false negative rates are major limitations in Intrusion detection System. To overcome these limitations new techniques should be introduced. In our research we used Ontology in Intrusion Detection System. As Ontology describes the semantic relations between entities, we used this technique in our system to describe the attacks by their behavior. Our proposed Intrusion Detection System contains multiple agents like Sniffer agent, Analysis Agent, communication agent and manager agent. They work collectively to detect the intrusion in a much efficient way. Analysis agent uses ontology to identify the attack. Protege is software which creates ontology. Our system semantically analyses various fields of the packet and infer to a solution about attack. To identify complex attacks occurs in distributed environment that are not identified by the existing systems we are using complex attack ontology. 
So overall Ontology based Intrusion Detection Systems are much advanced as compared to other IDS as these are reliable, scalable, interoperable and helpful for finding new attacks.","PeriodicalId":326018,"journal":{"name":"2016 2nd International Conference on Next Generation Computing Technologies (NGCT)","volume":"37 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 2nd International Conference on Next Generation Computing Technologies (NGCT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NGCT.2016.7877481","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 2
Abstract
Intrusion Detection Systems are among the most useful tools used today to identify attacks happening on a network. However, high false positive and false negative rates are major limitations of Intrusion Detection Systems. To overcome these limitations, new techniques should be introduced. In our research we used ontology in an Intrusion Detection System. Because an ontology describes the semantic relations between entities, we used this technique in our system to describe attacks by their behavior. Our proposed Intrusion Detection System contains multiple agents, such as a Sniffer agent, an Analysis agent, a Communication agent and a Manager agent. They work collectively to detect intrusions much more efficiently. The Analysis agent uses the ontology to identify the attack. Protege is software that creates ontologies. Our system semantically analyses various fields of the packet and infers a conclusion about the attack. To identify complex attacks that occur in distributed environments and are not identified by existing systems, we use a complex attack ontology. Overall, ontology-based Intrusion Detection Systems are much more advanced than other IDS, as they are reliable, scalable, interoperable and helpful for finding new attacks.