ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Dynamic information source selection for intrusion detection systems
Full text PdfPdf (342 KB)
Source
International Conference on Autonomous Agents archive
Proceedings of The 8th International Conference on Autonomous Agents and Multiagent Systems - Volume 2 table of contents
Budapest, Hungary
SESSION: Reputation and trust table of contents
Pages 1009-1016  
Year of Publication: 2009
ISBN:978-0-9817381-7-8
Authors
Martin Rehak  Czech Technical University in Prague, Czech Republic
Eugen Staab  University of Luxembourg, Luxembourg
Michal Pechoucek  Czech Technical University in Prague, Czech Republic
Jan Stiborek  Czech Technical University in Prague, Czech Republic
Martin Grill  Czech Technical University in Prague, Czech Republic
Karel Bartos  Czech Technical University in Prague, Czech Republic
Sponsors
: The Foundation for Intelligent Physical Agents
Microsoft Research : Microsoft Research
: Whitestein Technologies
: European Office of Aerospace Research and Development, Air Force Office of Scientific Research, United States Air Force Research Laboratory
: Drexel University
: Wiley -- Blackwell Ltd
Publisher
International Foundation for Autonomous Agents and Multiagent Systems  Richland, SC
Bibliometrics
Downloads (6 Weeks): 30,   Downloads (12 Months): 79,   Citation Count: 0
Additional Information:

abstract   references   index terms   collaborative colleagues  

Tools and Actions: Review this Article  

ABSTRACT

Our work presents a mechanism designed for the selection of the optimal information provider in a multi-agent, heterogeneous and unsupervised monitoring system. The self-adaptation mechanism is based on the insertion of a small set of prepared challenges that are processed together with the real events observed by the system. The evaluation of the system response to these challenges is used to select the optimal information source. Our algorithm uses the concept of trust to identify the best source and to optimize the number of challenges inserted into the system. The mechanism is designed for intrusion/fraud detection systems, which are frequently deployed as part of online transaction processing (banking, telecommunications or process monitoring systems). Our approach features unsupervised adjustment of its configuration and dynamic adaptation to the changing environment, which are both vital for these domains.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
P. Barford, S. Jha, and V. Yegneswaran. Fusion and filtering in distributed intrusion detection systems. In In Proceedings of the 42nd Annual Allerton Conference on Communication, Control and Computing, 2004.
 
2
R. J. Bolton and D. J. Hand. Statistical fraud detection: A review. Statistical Science, pages 235--255, 2002.
 
3
C. Castelfranchi , R. Falcone, Principles of Trust for MAS: Cognitive Anatomy, Social Importance, and Quantification, Proceedings of the 3rd International Conference on Multi Agent Systems, p.72, July 03-07, 1998
4
Georgios Chalkiadakis , Craig Boutilier, Coordination in multiagent reinforcement learning: a Bayesian approach, Proceedings of the second international joint conference on Autonomous agents and multiagent systems, July 14-18, 2003, Melbourne, Australia  [doi>10.1145/860575.860689]
 
5
Cisco Systems. Cisco IOS NetFlow. http://www.cisco.com/go/netflow, 2007.
 
6
R. Dearden, N. Friedman, and D. Andre. Model based bayesian exploration. In UAI '99: Proc. of the 15th Conf. on Uncertainty in Artificial Intelligence, pages 150--159, 1999.
 
7
Dorothy E. Denning, An Intrusion-Detection Model, IEEE Transactions on Software Engineering, v.13 n.2, p.222-232, February 1987  [doi>10.1109/TSE.1987.232894]
 
8
Thomas G. Dietterich, Ensemble Methods in Machine Learning, Proceedings of the First International Workshop on Multiple Classifier Systems, p.1-15, June 21-23, 2000
 
9
L. Ertoz, E. Eilertson, A. Lazarevic, P.-N. Tan, V. Kumar, J. Srivastava, and P. Dokas. Minds - minnesota intrusion detection system. In Next Generation Data Mining. MIT Press, 2004.
 
10
Giorgio Giacinto , Roberto Perdisci , Mauro Del Rio , Fabio Roli, Intrusion detection in computer networks by a modular ensemble of one-class classifiers, Information Fusion, v.9 n.1, p.69-82, January, 2008  [doi>10.1016/j.inffus.2006.10.002]
 
11
T. D. Huynh, N. R. Jennings, and N. R. Shadbolt. Fire: An integrated trust and reputation model for open multi-agent systems. In Proceedings of the 16th European Conference on Artificial Intelligence (ECAI '04), pages 18--22. IOS Press, 2004.
 
12
F. Johansson and G. Falkman. Detection of vessel anomalies - a bayesian network approach. In Proceedings of the 3rd International Conference on Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP), 2007.
13
Anukool Lakhina , Mark Crovella , Christophe Diot, Diagnosing network-wide traffic anomalies, Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications, August 30-September 03, 2004, Portland, Oregon, USA
14
Anukool Lakhina , Mark Crovella , Christophe Diot, Mining anomalies using traffic feature distributions, Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications, August 22-26, 2005, Philadelphia, Pennsylvania, USA
 
15
David S. Moore, The Basic Practice of Statistics with Cdrom, W. H. Freeman & Co., New York, NY, 1999
 
16
Stephen Northcutt , Judy Novak, Network Intrusion Detection: An Analyst's Handbook, New Riders Publishing, Thousand Oaks, CA, 2002
 
17
R. Polikar. Esemble based systems in decision making. IEEE Circuits and Systems Mag., 6(3):21--45, 2006.
 
18
Shulamit Reches , Philip Hendrix , Sarit Kraus , Barbara J. Grosz, Efficiently determining the appropriate mix of personal interaction and reputation information in partner choice, Proceedings of the 7th international joint conference on Autonomous agents and multiagent systems, May 12-16, 2008, Estoril, Portugal
 
19
Martin Rehák , Michal Pěchouček, Trust Modeling with Context Representation and Generalized Identities, Proceedings of the 11th international workshop on Cooperative Information Agents XI, September 19-21, 2007, Delft, The Netherlands  [doi>10.1007/978-3-540-75119-9_21]
 
20
Martin Rehák , Michal Pěchouček , Martin Grill , Karel Bartos, Trust-Based Classifier Combination for Network Anomaly Detection, Proceedings of the 12th international workshop on Cooperative Information Agents XII, September 10-12, 2008, Prague, Czech Republic  [doi>10.1007/978-3-540-85834-8_11]
 
21
Achim Rettinger , Matthias Nickles , Volker Tresp, Learning Initial Trust Among Interacting Agents, Proceedings of the 11th international workshop on Cooperative Information Agents XI, September 19-21, 2007, Delft, The Netherlands  [doi>10.1007/978-3-540-75119-9_22]
 
22
K. Scarfone and P. Mell. Guide to intrusion detection and prevention systems (idps). Technical Report 800--94, NIST, US Dept. of Commerce, 2007.
 
23
A. Sridharan, T. Ye, and S. Bhattacharyya. Connectionless port scan detection on the backbone. Phoenix, AZ, USA, 2006.
 
24
Eugen Staab , Volker Fusenig , Thomas Engel, Towards Trust-Based Acquisition of Unverifiable Information, Proceedings of the 12th international workshop on Cooperative Information Agents XII, September 10-12, 2008, Prague, Czech Republic  [doi>10.1007/978-3-540-85834-8_6]
 
25
W. T. Luke Teacy , Georgios Chalkiadakis , Alex Rogers , Nicholas R. Jennings, Sequential decision making with untrustworthy service providers, Proceedings of the 7th international joint conference on Autonomous agents and multiagent systems, May 12-16, 2008, Estoril, Portugal
26
W. T. Luke Teacy , Jigar Patel , Nicholas R. Jennings , Michael Luck, Coping with inaccurate reputation sources: experimental analysis of a probabilistic trust model, Proceedings of the fourth international joint conference on Autonomous agents and multiagent systems, July 25-29, 2005, The Netherlands  [doi>10.1145/1082473.1082624]
 
27
Y. Wang and M. P. Singh. Formal trust model for multiagent systems. In Proc. of the 20th Int. Joint Conf. on Artificial Intelligence (IJCAI '07), pages 1551--1556, 2007.
 
28
Kuai Xu , Zhi-Li Zhang , Supratik Bhattacharyya, Reducing unwanted traffic in a backbone network, Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop, p.2-2, July 07, 2005, Cambridge, MA
 
29
Ronald R. Yager, On ordered weighted averaging aggregation operators in multicriteria decisionmaking, IEEE Transactions on Systems, Man and Cybernetics, v.18 n.1, p.183-190, January/February 1988  [doi>10.1109/21.87068]

INDEX TERMS

Primary Classification:
  I. Computing Methodologies
  I.2 ARTIFICIAL INTELLIGENCE
        I.2.11 Distributed Artificial Intelligence
            Subjects: Intelligent agents

Additional Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.0 General
          Subjects: Security and protection (e.g., firewalls)

  I. Computing Methodologies
  I.2 ARTIFICIAL INTELLIGENCE
        I.2.11 Distributed Artificial Intelligence
            Subjects: Multiagent systems


General Terms:
Algorithms, Security


Keywords:
intrusion detection, security, service selection, trust

Collaborative Colleagues:
Martin Rehak: colleagues
Eugen Staab: colleagues
Michal Pechoucek: colleagues
Jan Stiborek: colleagues
Martin Grill: colleagues
Karel Bartos: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player