Journal ArticleDOI

OMAMIDS: Ontology Based Multi-Agent Model Intrusion Detection System for Detecting Web Service Attacks

08 Sep 2016-Journal of Applied Security Research (Routledge)-Vol. 11, Iss: 4, pp 489-508
TL;DR: An Ontology-based Multi-Agent Model Intrusion Detection System (OMAMIDS) for detecting web service attacks achieves high detection rate and accuracy and lower false positive rate than the existing techniques.
Abstract: Web service plays a significant role in the Internet applications. According to the current researchers, the web services are highly prone to the cyber-attacks. The Intrusion Detection System (IDS)...
Citations
Journal ArticleDOI
TL;DR: This work proposes a semi-supervised approach for network anomaly detection inspired from the biological negative selection process, namely negative selection for network anomalies detection (NSNAD), which generates a set of detectors and uses them to classify events as anomaly.
Abstract: Intrusion detection systems are one of the security tools widely deployed in network architectures in order to monitor, detect and eventually respond to any suspicious activity in the network. However, the constantly growing complexity of networks and the virulence of new attacks require more adaptive approaches for optimal responses. In this work, we propose a semi-supervised approach for network anomaly detection inspired from the biological negative selection process. Based on a reduced dataset with a filter/ranking feature selection technique, our algorithm, namely negative selection for network anomaly detection (NSNAD), generates a set of detectors and uses them to classify events as anomaly. Otherwise, they are matched against an Artificial Human Leukocyte Antigen in order to be classified as normal. The accuracy and the computational time of NSNAD are tested under three intrusion detection datasets: NSL-KDD, Kyoto2006+ and UNSW-NB15. We compare the performance of NSNAD against a fully supervised algorithm (Naive Bayes), an unsupervised clustering algorithm (K-means) and a semi-supervised algorithm (One-class SVM) with respect to multiple accuracy metrics. We also compare the time incurred by each algorithm in training and classification stages.

18 citations

Book ChapterDOI
08 Nov 2017
TL;DR: The main focus of the present research is the design of a model that prevents distributed denial-of-service attacks based on host-based intrusion detection protection systems over hypervisor environments.
Abstract: Cloud computing has become an innovative technology. Recent advances in hardware and software have put tremendous pressure on administrators, who manage these resources to provide an uninterrupted service. System administrators should be familiar with cloud-server monitoring and network tools. The main focus of the present research is the design of a model that prevents distributed denial-of-service attacks based on host-based intrusion detection protection systems over hypervisor environments. The prevention model uses principal component analysis and linear discriminant analysis with a hybrid, nature-inspired metaheuristic algorithm called Ant Lion optimisation for feature selection and artificial neural networks to classify and configure the cloud server. The current results represent a feasible outcome for a good intrusion detection and prevention framework for DDoS-cloud computing systems based on statistics and predicted techniques.

15 citations

Journal ArticleDOI
TL;DR: This paper improves the capacity to detect outliers of both micro-clusters based algorithms (MCOD) and distance-based algorithms (Abstract-C and Exact-Storm) known for their performance and proposes a hybrid solution based on iterative majority voting and LiCS.

9 citations

Journal ArticleDOI
TL;DR: The results of this study have shown that multi-agent architectures include several advantages that can help in the development of ambient IDS; however, it has been found that there are several issues in the current multi-agent IDS architectures that may degrade the accuracy and response time of intrusion and attack detection.
Abstract: Multi-agent architectures have been successful in attaining considerable attention among computer security researchers. This is so, because of their demonstrated capabilities such as autonomy, embedded intelligence, learning and self-growing knowledge-base, high scalability, fault tolerance, and automatic parallelism. These characteristics have made this technology a de facto standard for developing ambient security systems to meet the open and dynamic nature of today’s online communities. Although multi-agent architectures are increasingly studied in the area of computer security, there is still not enough empirical evidence on their performance in intrusions and attacks detection. The aim of this paper is to report the systematic literature review conducted in the context of specific research questions, to investigate multi-agent IDS architectures to highlight the issues that affect their performance in terms of detection accuracy and response time. We used pertinent keywords and terms to search and retrieve the most recent research studies, on multi-agent IDS architectures, from the major research databases and digital libraries such as SCOPUS, Springer, and IEEE Explore. The search processes resulted in a number of studies; among them, there were journal articles, book chapters, conference papers, dissertations, and theses. The obtained studies were assessed and filtered out, and finally, there were over 71 studies chosen to answer the research questions. The results of this study have shown that multi-agent architectures include several advantages that can help in the development of ambient IDS. However, it has been found that there are several issues in the current multi-agent IDS architectures that may degrade the accuracy and response time of intrusions and attacks detection. 
Based on our findings, the issues of multi-agent IDS architectures include limitations in the techniques, mechanisms, and schemes used for multi-agent IDS adaptation and learning, load balancing, scalability, fault-tolerance, and high communication overhead. It has also been found that new measurement metrics are required for evaluating multi-agent IDS architectures.

6 citations


Cites methods from "OMAMIDS: Ontology Based Multi-Agent..."

  • ...In [15], a self-learning ontology was proposed using Intuitionistic Fuzzy Logic (IFL) to generate new attack rules....

  • ...A shared knowledge base or ontology represents a central hub for all agents to exchange their desires and beliefs; this scheme adopted by [4], [9], [15], [58], [59]....

Journal ArticleDOI
TL;DR: An ontology-based intrusion detection framework to detect Denial of Service (DoS) attacks at the application level and proposes the ontology model and semantic rule for the detection of an HTTP flood attack.
Abstract: In the current digital era, the consumer uses web applications for banking, e-commerce, and sharing information with others. These web applications suffer from different types of attacks. The hacker intelligently uses multiple attack vectors to generate attacks with the help of tools. Therefore, intelligent intrusion detection plays an essential role in security. This paper presents an ontology-based intrusion detection framework to detect Denial of Service (DoS) attacks at the application level. The system proposes the ontology model and semantic rule for the detection of an HTTP flood attack. The system is implemented and tested on the GoldenEye DoS dataset with the help of semantic rules. The system provides early detection of DoS attacks in two seconds and an improved detection rate using a time window threshold mechanism in the semantic rule. The system also achieves a higher detection rate of 94.89% without a threshold in the semantic rule to detect DoS attacks. Finally, the system is compared with related traditional DoS detection systems.

2 citations

References
Journal ArticleDOI
Yichi Zhang, Lingfeng Wang, Weiqing Sun, Robert C. Green, Mansoor Alam
TL;DR: Simulation results demonstrate that this is a promising methodology for supporting the optimal communication routing and improving system security through the identification of malicious network traffic.
Abstract: The advent of the smart grid promises to usher in an era that will bring intelligence, efficiency, and optimality to the power grid. Most of these changes will occur as an Internet-like communications network is superimposed on top of the current power grid using wireless mesh network technologies with the 802.15.4, 802.11, and WiMAX standards. Each of these will expose the power grid to cybersecurity threats. In order to address this issue, this work proposes a distributed intrusion detection system for smart grids (SGDIDS) by developing and deploying an intelligent module, the analyzing module (AM), in multiple layers of the smart grid. Multiple AMs will be embedded at each level of the smart grid-the home area networks (HANs), neighborhood area networks (NANs), and wide area networks (WANs)-where they will use the support vector machine (SVM) and artificial immune system (AIS) to detect and classify malicious data and possible cyberattacks. AMs at each level are trained using data that is relevant to their level and will also be able to communicate in order to improve detection. Simulation results demonstrate that this is a promising methodology for supporting the optimal communication routing and improving system security through the identification of malicious network traffic.

397 citations

Journal ArticleDOI
TL;DR: A review and categorization of existing IDPS schemes in terms of traditional artificial computational intelligence with a multi-agent support, which amalgamates a fuzzy reinforcement learning knowledge management by creating a far superior technological platform that is far more accurate in detecting attacks.

137 citations


"OMAMIDS: Ontology Based Multi-Agent..." refers methods in this paper

  • ...Fuzzy C-Means (FCM), neural network (NN) based IDS such as self-organizing map (SOM; Shamshirband et al., 2013)....

Journal ArticleDOI
TL;DR: A mechanism of Intrusion Detection System (IDS) created in a Cluster-based Wireless Sensor Network (CWSN) is proposed, which can provide the system to resist intrusions, and process in real-time by analyzing the attacks.
Abstract: A Wireless Sensor Network (WSN) consists of many low-cost, small devices. Usually, as they are deployed to an open and unprotected region, they are vulnerable to various types of attacks. In this research, a mechanism of Intrusion Detection System (IDS) created in a Cluster-based Wireless Sensor Network (CWSN) is proposed. The proposed IDS is an Integrated Intrusion Detection System (IIDS). It can provide the system to resist intrusions, and process in real-time by analyzing the attacks. The IIDS includes three individual IDSs: Intelligent Hybrid Intrusion Detection System (IHIDS), Hybrid Intrusion Detection System (HIDS) and misuse Intrusion Detection System. These are designed for the sink, cluster head and sensor node according to different capabilities and the probabilities of attacks these suffer from. The proposed IIDS consists of an anomaly and a misuse detection module. The goal is to raise the detection rate and lower the false positive rate through misuse detection and anomaly detection. Finally, a decision-making module is used to integrate the detected results and report the types of attacks.

104 citations


"OMAMIDS: Ontology Based Multi-Agent..." refers result in this paper

  • ...The performance of the proposed system is evaluated by comparing it with the existing Host-based IDS (HIDS; Wang, Yan, Wang, & Liu, 2011) and Traditional Artificial and Computational Intelligence techniques (Shamshirband, Anuar, Kiah, & Patel, 2013)....

  • ...This section presents the performance evaluation results of the proposed OMAMIDS system, by comparing it with the existing HIDS (Wang et al., 2011)....

Journal ArticleDOI
TL;DR: The proposed cooperative-based fuzzy artificial immune system (Co-FAIS) improves detection accuracy and successful defense rate performance against attacks compared to conventional empirical methods.

102 citations

Journal ArticleDOI
TL;DR: The experimental results show that the detection capability and performance of the system is significantly better than existing state of the art solutions and demonstrates that a semantic approach can be used to effectively detect zero day and more sophisticated attacks in a real-world environment.

67 citations