Network intrusion detection through Adaptive Sub-Eigenspace Modeling in multiagent systems

ACM Transactions on Autonomous and Adaptive Systems

Volumn 2, Issue 3, 2007, Pages

  Shyu, Mei Ling ^a,d   Quirino, Thiago ^a,d   Xie, Zongxing ^a,d   Chen, Shu Ching ^b   Chang, Liwu ^c  

^a UNIVERSITY OF MIAMI   (United States)

^b FLORIDA INTERNATIONAL UNIVERSITY   (United States)

^c NAVAL RESEARCH LABORATORY   (United States)

^d University of Miami College of Engineering   (United States)

Author keywords

Adaptive sub eigenspace modeling (ASEM); Agent communications; Agent based distributed system; Intrusion detection; Network security

Indexed keywords

ADAPTIVE SUB-EIGENSPACE MODELING (ASEM); AGENT COMMUNICATIONS; AGENT-BASED DISTRIBUTED SYSTEM;

COMPUTER SIMULATION; DECISION TABLES; EIGENVALUES AND EIGENFUNCTIONS; INTRUSION DETECTION; SCALABILITY; TELECOMMUNICATION TRAFFIC;

MULTI AGENT SYSTEMS;

EID: 35148882671     PISSN: 15564665     EISSN: 15564703     Source Type: Journal    
DOI: 10.1145/1278460.1278463     Document Type: Conference Paper

References (44)

1. ANDERSON, D., FRIVOLD, T., AND VALDES, A. 1995. Next-generation intrusion detection expert system (NIDES): A summary. In SRI International Technical Report. Vol. 95. Menlo Park, CA. 28-42.
2. BRANDEN, K. AND HUBERT, M. 2004. Robust classification in high dimensional data. In Proceedings in Computational Statistics. Prague, Czech Republic, 1925-1932.
3. BRANDEN, K. AND HUBERT, M. 2005. Robust classification in high dimensions based on the SIMCA method. Chemometrics and Intelligent Laboratory System,s 79, 10-21.
4. BREUNING, M. M., KRIEGEL, H.-P., NG, R. T., AND SANDER, J. 2000. LOF: Identifying density-based local outliers. In Proceedings of the ACM SIGMOD Conference. Dallas, TX. 93-104.
5. CLARK, D. 2001. Rethinking the design of the internet: end to end arguments vs. the brave new world. ACM Trans. Inter. Tech. 1, 1 (Sept.), 70-109.
6. DARPA 2007. Intrusion detection evaluation data sets, available at http://www.ll.mit.edu/.
7. D-ITG. 2006. Distributed internet traffic generator, available at http://www.grid.umna. it/software/ITG/.
8. DASGUPTA, D. AND BRIAN, H. 2001. Mobile security agents for network traffic analysis. In DARPA Information Survivability Conference and Exposition (DISCEX II'01). Vol. 2. Anaheim, CA. 332-340.
9. ERTOZ, L., EILERTSON, E., LAZAREVIC, A., TAN, P., SRIVASTAVA, J., KUMAR, V., AND DOKAS, R 2004. The MINDS-Minnesota Intrusion Detection System, Next Generation Data Mining. MIT Press, Cambridge, MA.
10. ETHEREAL. 2007. Ethereal-A network protocol analyzer, available at http://www.ethereal.com.
11. FOUKIA, N., HULAAS, J., AND HARMS, J. 2001. Intrusion detection with mobile agents. In Proceedings of the 11th Annual Internet Society Conference. Stockholm, Sweeden.
12. GREENACRE, M. AND BLASIUS, J. 2006. Multiple Correspondence Analysis and Related Methods. Chapman and Hall, Boca Raton, FL, USA.
13. GREENACRE, M. J. 1984. Theory and Applications of Correspondence Analysis. Academic Press, London.
14. HAN, B. 2003. Support vector machines, available at http://www.ist.temple.edu/~vucetic/ cis526fall2003/lecture8.doc.
15. HELMER, G., WONG, J., S. K., J., HONAVAR, V., MILLER, L., AND WANG, Y. 2003. Lightweight agents for intrusion detection. J. Syst. Softw. 67, 109-122.
16. HOCHBERG, J., JACKSON, K., STALLINGS, C., MCCLARY, J., DUBOIS, D., AND FORD, J. 1993. NADIR: An automated system for detecting network intrusions and misuse. Comput. Secur. 12, 3 (May), 235-248.
17. HOOPER, R 1999. Reference point logistic classification. J. Classif. 16, 91-116.
18. INSECUREORG. 2006. Nmap free security scanner, tools and hacking resources, available at http://insecure.org.
19. JACOBSON, V., LERES, C., AND MCCANNE, S. 2007. Tcpdump, available at anonymous@ftp.ee.lbl. gov.
20. KANNADIGA, R AND ZULKERNINE, M. 2005. DIDMA: A distributed intrusion detection system using mobile agents. In Proceedings of the Sixth International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel and Distributed Computing. 238-245.
21. KDD. 1999. KDD Cup 1999 Data, available at http://kdd.ics.uci.edu/ databases/kddcup99/.
22. KONE, M., SHIMAZU, A., AND NAKAJIMA, T. 2000. The state of the art in agent communication lan-guages. Knowl. and Inform. Syst. 2, 3, 259-284.
23. LABIB, K. AND VEMURI, V. 2004. Detecting and visualizing Denial-of-Service and network probe attacks using principal component analysis. In Third Conference on Security and Network Architectures (SAR'04). La Londe, France.
24. LAZAREVIC, A., ERTOZ, L., KUMAR, V., OZGUR, A., AND SRIVASTAVA, J. 2003. A comparative study of anomaly detection schemes in network intrusion detection. In Proceedings of the Third SIAM Conference on Data Mining. San Francisco, CA.
25. LEE, W AND STOLFO, S. 2000. A framework for constructing features and models for intrusion detection systems. ACM Trans. Inform. Syst. Secur. 3, 4 (Nov.), 227-261.
26. LIAO, Y AND VEMURI, V 2002. Use of K-nearest neighbor classifier for intrusion detection. Comput. Secur. 5, 5, 439-448.
27. LIBCAP. 2007. Libcap. available at http://www.tcpdump.org.
28. LIU, H. AND MOTODA, H. 1998. Feature Extraction, Construction and Selection: A Data Mining Perspective. Kluwer Academic Publishers, Boston, MA.
29. LIU, H., YU, L., MANORANJAN, D., AND MOTODA, H. 2003. Active feature selection using classes. In Proceedings of Seventh Pacific-Asia Conference on Knowledge Discovery and Data Mining. Seoul, Korea, 474-485.
30. MATHWORKS. 2007. Matlab. available at http://www.mathworks.com/ matlabcentral/.
31. MOORE, D., VOELKER, G., AND SAVAGE, S. 2001. Inferring internet Denial-of-Service activity. In Usenix Security Symposium. Washington, D.C 9-22.
32. MORENO, A. 2005. Medical applications of multi-agent systems, available at http://cyber.felk. cvut.cz/EUNITE03-BIO/pdf/Moreno.pdf.
33. OXID. 2006. Irs. available at http://http://www.oxid.it/irs. html.
34. PENTLAND, A., MOGHADDAM, B., STARNER, T., OLIYIDE, O., AND TURK, M. 1994. View-based and modu-lar eigenspaces for face recognition. In Proceedings of IEEE Conference on Computer Vision and Pattern Recognition (CVPR'94). Seattle, WA, 84-91.
35. QUINLAN, J. 1993. C4.5: Programs for Machine Learning. Morgan Kaufmann, San Francisco, CA.
36. SINGH, M. 1999. A social semantics for agent communication languages. In Proceedings of IJCAI99 Workshop on Agent Communication Languages. Stockholm, Scandinavia, 75-88.
37. SNAPP, S., BRETANO, J., DIAS, G., GOAN, T., HEBERLEIN, L., HO, C., LEVITT, K., MUKHERJEE, B., SMAHA, S., GRANCE, T., TEAL, D., AND MANSUR, D. 1991. DIDS (distributed intrusion detection system)motivation, architecture, and an early prototype. In Proceedings of the 14th National Computer Science Conference. Washington D.C. 167-176.
38. SPAFFORD, E. AND ZAMBONI, D. 2000. Intrusion detection using autonomous agents. Comput. Netw. 34, 4 (Oct.), 547-570.
39. TCPTRACE. 2007. available at http://www.tcptrace.org.
40. TOU, J. AND GONZALEZ, R. 1974. Pattern Recognition Principles. Addison-Wesley, MA.
41. VAIDEHI, K. AND RAMAMURTHY, B. 2004. Distributed hybrid agent based intrusion detection and real time response system. In Proceedings of the First International Conference on Broadband Networks (BROADNETS'04). 739-741.
42. VERWORED, T. AND HUNT, R. 2002. Intrusion detection techniques and approaches. Comput. Comm. 25, 1356-1365.
43. WEKA. 2007. Weka. available at http://www.cs.waikato.ac.nz/ml/ weka/.
44. XIE, Z., QUIRINO, T., SHYU, M.-L., CHEN, S.-C, AND CHANG, L. 2006. A distributed agent-based approach to intrusion detection using the lightweight PCC anomaly detection classier. In IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC2006). Taichung, Taiwan, R.O.C, 446-453.