REHÁK, Martin, Michal PĚCHOUČEK, Pavel ČELEDA, Vojtěch KRMÍČEK, Karel BARTOŠ and Martin GRILL. Multi-Agent Approach to Network Intrusion Detection (Demo Paper). In Proceedings of the 7th International Conference on Autonomous Agents and Multiagent Systems (AAMAS 2008) - Industrial and Applications Track. 1st ed. Estoril: Inesc-Id, 2008, p. 1695-1696. ISBN 978-0-9817381-3-0.
Basic information
Original name Multi-Agent Approach to Network Intrusion Detection (Demo Paper)
Name in Czech Multi-agentní přístup k detekci průniků do sítě
Authors REHÁK, Martin (203 Czech Republic), Michal PĚCHOUČEK (203 Czech Republic), Pavel ČELEDA (203 Czech Republic, guarantor), Vojtěch KRMÍČEK (203 Czech Republic), Karel BARTOŠ (203 Czech Republic) and Martin GRILL (203 Czech Republic).
Edition 1st ed. Estoril, Proceedings of the 7th International Conference on Autonomous Agents and Multiagent Systems (AAMAS 2008) - Industrial and Applications Track, p. 1695-1696, 2 pp. 2008.
Publisher Inesc-Id
Other information
Original language English
Type of outcome Proceedings paper
Field of Study 10201 Computer sciences, information science, bioinformatics
Country of publisher Portugal
Confidentiality degree is not subject to a state or trade secret
RIV identification code RIV/00216224:14330/08:00033495
Organization unit Faculty of Informatics
ISBN 978-0-9817381-3-0
Keywords in English trust; intrusion detection; network behavior analysis
Tags intrusion detection, network behavior analysis, trust
Tags International impact, Reviewed
Changed by: RNDr. Vojtěch Krmíček, Ph.D., učo 51640. Changed: 6/8/2010 09:27.
Abstract
Our demo presents an agent-based intrusion detection system designed for deployment on high-speed backbone networks. The major contribution of the system is the integration of several anomaly detection techniques by means of collective trust modeling within a group of collaborative detection agents, each featuring a specific detection algorithm. The principal role of anomalies is to provide the input into the trust modeling stage of the detection, where each agent determines the flow trustfulness from aggregated anomalies. The aggregation is performed by extended trust models that model the trustfulness of generalized situated identities, represented by a set of observable features. The system is based on traffic statistics in NetFlow format acquired by dedicated hardware-accelerated network cards, and is able to perform real-time surveillance of gigabit networks.
Abstract (translated from Czech)
Our demo presents an intrusion detection system based on an agent platform and designed for high-speed backbone networks. The main contribution of the system is the integration of several anomaly detection methods by means of collective trust modeling. The main role of anomalies is to provide input to the trust modeling and detection stage, where each agent determines the trustworthiness of a flow from aggregated anomalies. The aggregation is performed by an extended trust model, represented by a set of observed features. The system is based on network statistics in NetFlow format, acquired by hardware-accelerated network cards. The system analyzes gigabit networks in real time.
Links
N62558-07-C-0001, internal MU code
Name: Distribuované mechanismy pro ochranu počítačových sítí (Acronym: CAMNEP)
Investor: U.S. Army RDECOM Acquisition Center, Cooperative Adaptive Mechanism for Network Protection