This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Adaptive Multiagent System for Network Traffic Monitoring
May/June 2009 (vol. 24 no. 3)
pp. 16-25
Martin Rehák, Czech Technical University
Michal Pechoucek, Czech Technical University
Martin Grill, Czech Technical University
Jan Stiborek, Czech Technical University
Karel Bartoš, Czech Technical University
Pavel Celeda, Masaryk University
An application of agent-based data mining for near-real time detection of attacks against the computer networks and connected hosts is based on processing network traffic statistics provided by high-speed network monitoring cards and using a set of known anomaly-detection techniques to identify the anomalous behavior. The individual anomaly-detection methods have relatively high error rates that make them unfit for most practical deployments. Using the agent-based trust modeling technique, the Camnep system fuses the data provided by anomaly-detection methods and progressively builds a better classification with an acceptable error rate. The system uses agent-based self-adaptation techniques to dynamically align its structure with the changes in network traffic structure and attacks.

1. S. Zhong, T.M. Khoshgoftaar, and N. Seliya, "Analyzing Software Measurement Data with Clustering Techni-ques," IEEE Intelligent Systems, vol. 19, no. 2, 2004, pp. 20–27.
2. M. Rehák and M. Pĕchouček, "Trust Modeling with Context Representation and Generalized Identities," Cooperative Information Agents XI, LNCS 4676, Springer, 2007, pp. 298–312.
3. S. Marsh, Formalising Trust as a Computational Concept, doctoral dissertation, Dept. of Mathematics and Computer Science, Univ. of Stirling, 1994.
4. L. Ertoz et al., "MINDS—Minnesota Intrusion Detection System," Next Generation Data Mining, MIT Press, 2004.
5. K. Xu, Z.L. Zhang, and S. Bhattacharrya, "Reducing Unwanted Traffic in a Backbone Network," Proc. Usenix Workshop on Steps to Reduce Unwanted Traffic in the Internet (SRUTI 05), Usenix Assn., 2005.
6. A. Lakhina, M. Crovella, and C. Diot, "Mining Anomalies Using Traffic Feature Distributions," Proc. ACM SIGCOMM, ACM Press, 2005, pp. 217–228.
7. A. Sridharan and T. Ye, "Tracking Port Scanners on the IP Backbone," Proc. 2007 Workshop on Large Scale Attack Defense (LSAD 07), ACM Press, 2007, pp. 137–144.
8. M. Rehák et al., "Trust-Based Classifier Combination for Network Anomaly Detection," Cooperative Information Agents XII, LNCS 5180, Springer, 2008, pp. 116–130.
9. G. Giacinto et al., "Intrusion Detection in Computer Networks by a Modular Ensemble of One-Class Classifiers," Information Fusion, vol. 9, no. 1, 2008, pp. 69–82.

Index Terms:
network intrusion detection, data mining, multiagent systems, trust
Citation:
Martin Rehák, Michal Pechoucek, Martin Grill, Jan Stiborek, Karel Bartoš, Pavel Celeda, "Adaptive Multiagent System for Network Traffic Monitoring," IEEE Intelligent Systems, vol. 24, no. 3, pp. 16-25, May-June 2009, doi:10.1109/MIS.2009.42
Usage of this product signifies your acceptance of the Terms of Use.