The Community for Technology Leaders
RSS Icon
Issue No.03 - May/June (2009 vol.24)
pp: 16-25
Michal Pechoucek , Czech Technical University
Martin Grill , Czech Technical University
Martin Rehák , Czech Technical University
Karel Bartoš , Czech Technical University
Pavel Celeda , Masaryk University
An application of agent-based data mining for near-real time detection of attacks against the computer networks and connected hosts is based on processing network traffic statistics provided by high-speed network monitoring cards and using a set of known anomaly-detection techniques to identify the anomalous behavior. The individual anomaly-detection methods have relatively high error rates that make them unfit for most practical deployments. Using the agent-based trust modeling technique, the Camnep system fuses the data provided by anomaly-detection methods and progressively builds a better classification with an acceptable error rate. The system uses agent-based self-adaptation techniques to dynamically align its structure with the changes in network traffic structure and attacks.
network intrusion detection, data mining, multiagent systems, trust
Michal Pechoucek, Martin Grill, Martin Rehák, Karel Bartoš, Pavel Celeda, "Adaptive Multiagent System for Network Traffic Monitoring", IEEE Intelligent Systems, vol.24, no. 3, pp. 16-25, May/June 2009, doi:10.1109/MIS.2009.42
1. S. Zhong, T.M. Khoshgoftaar, and N. Seliya, "Analyzing Software Measurement Data with Clustering Techni-ques," IEEE Intelligent Systems, vol. 19, no. 2, 2004, pp. 20–27.
2. M. Rehák and M. Pĕchouček, "Trust Modeling with Context Representation and Generalized Identities," Cooperative Information Agents XI, LNCS 4676, Springer, 2007, pp. 298–312.
3. S. Marsh, Formalising Trust as a Computational Concept, doctoral dissertation, Dept. of Mathematics and Computer Science, Univ. of Stirling, 1994.
4. L. Ertoz et al., "MINDS—Minnesota Intrusion Detection System," Next Generation Data Mining, MIT Press, 2004.
5. K. Xu, Z.L. Zhang, and S. Bhattacharrya, "Reducing Unwanted Traffic in a Backbone Network," Proc. Usenix Workshop on Steps to Reduce Unwanted Traffic in the Internet (SRUTI 05), Usenix Assn., 2005.
6. A. Lakhina, M. Crovella, and C. Diot, "Mining Anomalies Using Traffic Feature Distributions," Proc. ACM SIGCOMM, ACM Press, 2005, pp. 217–228.
7. A. Sridharan and T. Ye, "Tracking Port Scanners on the IP Backbone," Proc. 2007 Workshop on Large Scale Attack Defense (LSAD 07), ACM Press, 2007, pp. 137–144.
8. M. Rehák et al., "Trust-Based Classifier Combination for Network Anomaly Detection," Cooperative Information Agents XII, LNCS 5180, Springer, 2008, pp. 116–130.
9. G. Giacinto et al., "Intrusion Detection in Computer Networks by a Modular Ensemble of One-Class Classifiers," Information Fusion, vol. 9, no. 1, 2008, pp. 69–82.
336 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool