{"title":"利用O-MaSE方法设计基于MAS的高效入侵检测,学习新的攻击","authors":"Mohssine El Ajjouri, S. Benhadou, H. Medromi","doi":"10.1109/CLOUDTECH.2015.7336987","DOIUrl":null,"url":null,"abstract":"The agents used in the intrusion detection architectures have multiple characteristics namely delegation, cooperation and communication. However, an important property of agents: learning is not used. The concept of learning in existing IDSs used in general to learn the normal behavior of the system to secure. For this, normal profiles are built in a dedicated training phase, these profiles are then compared with the current activity. Thus, the IDS does not have the ability to detect new attacks., In this paper, we propose a new architecture for intrusion detection based in MAS adding a learning feature abnormal behaviors that correspond to new attack patterns. To learn a new attack, the architecture must detect at first and then update the base of attack patterns. For the detection step, the approach adopted is based on the technique of Case-Based Reasoning (CBR). The proposed architecture is based on a hierarchical and distributed strategy where features are structured and separated into layers., We focus after on the modeling of our Multi agent systems Architecture, for reasons of simplicity, we use the methodology O-MaSE.","PeriodicalId":293168,"journal":{"name":"2015 International Conference on Cloud Technologies and Applications (CloudTech)","volume":"4 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-06-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Use of O-MaSE methodology for designing efficient intrusion detection based on MAS to learn new attacks\",\"authors\":\"Mohssine El Ajjouri, S. Benhadou, H. Medromi\",\"doi\":\"10.1109/CLOUDTECH.2015.7336987\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The agents used in the intrusion detection architectures have multiple characteristics namely delegation, cooperation and communication. However, an important property of agents: learning is not used. The concept of learning in existing IDSs used in general to learn the normal behavior of the system to secure. For this, normal profiles are built in a dedicated training phase, these profiles are then compared with the current activity. Thus, the IDS does not have the ability to detect new attacks., In this paper, we propose a new architecture for intrusion detection based in MAS adding a learning feature abnormal behaviors that correspond to new attack patterns. To learn a new attack, the architecture must detect at first and then update the base of attack patterns. For the detection step, the approach adopted is based on the technique of Case-Based Reasoning (CBR). The proposed architecture is based on a hierarchical and distributed strategy where features are structured and separated into layers., We focus after on the modeling of our Multi agent systems Architecture, for reasons of simplicity, we use the methodology O-MaSE.\",\"PeriodicalId\":293168,\"journal\":{\"name\":\"2015 International Conference on Cloud Technologies and Applications (CloudTech)\",\"volume\":\"4 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-06-02\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2015 International Conference on Cloud Technologies and Applications (CloudTech)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CLOUDTECH.2015.7336987\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 International Conference on Cloud Technologies and Applications (CloudTech)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CLOUDTECH.2015.7336987","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Use of O-MaSE methodology for designing efficient intrusion detection based on MAS to learn new attacks
The agents used in the intrusion detection architectures have multiple characteristics namely delegation, cooperation and communication. However, an important property of agents: learning is not used. The concept of learning in existing IDSs used in general to learn the normal behavior of the system to secure. For this, normal profiles are built in a dedicated training phase, these profiles are then compared with the current activity. Thus, the IDS does not have the ability to detect new attacks., In this paper, we propose a new architecture for intrusion detection based in MAS adding a learning feature abnormal behaviors that correspond to new attack patterns. To learn a new attack, the architecture must detect at first and then update the base of attack patterns. For the detection step, the approach adopted is based on the technique of Case-Based Reasoning (CBR). The proposed architecture is based on a hierarchical and distributed strategy where features are structured and separated into layers., We focus after on the modeling of our Multi agent systems Architecture, for reasons of simplicity, we use the methodology O-MaSE.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
