DIDS Using Cooperative Agents Based on Ant Colony Clustering
Intrusion detection systems (IDSs) play an important role in information security. Two major problems in the development of IDSs are computational and architectural. The computational, or algorithmic, problems include the inability to detect novel attacks and the computational overload caused by large data traffic. The architectural problems relate to communication between detection components, including the difficulty of countering distributed and coordinated attacks, which requires large amounts of distributed information and synchronization between detection components. This paper proposes a multi-agent architecture for a distributed intrusion detection system (DIDS) based on ant-colony clustering (ACC), aimed at recognizing new and coordinated attacks, handling large data traffic, providing synchronization and cooperation between components without centralized computation, and achieving good detection performance in real time with immediate alarm notification. Feature selection based on principal component analysis (PCA) is used for dimensionality reduction of NSL-KDD. The initial features are transformed to new features in fewer dimensions, where probing attacks (Ra-Probe) have a characteristic sign in their average value that differs from that of normal activity. Selection is based on the characteristics of these factors, resulting in a two-dimensional subset with a 75% data reduction.
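The sign-based selection of principal components described in the abstract can be sketched as follows; this is an added example, not code from the paper. The data is a constructed 8-feature stand-in for NSL-KDD records, and the class offsets, the `min_ratio` variance threshold and all function names are assumptions made for illustration.

```python
import numpy as np

def make_sample(n=150, seed=7):
    """Constructed 8-feature stand-in for NSL-KDD records (not real data)."""
    rng = np.random.default_rng(seed)
    # Latent class offsets on three axes; probe opposes normal on axes 0 and 1
    # and shares its sign on axis 2 (all values are assumptions).
    offsets = {"normal": (-4.0, -2.5, 3.2), "probe": (4.0, 2.5, 3.2),
               "dos": (-4.0, 2.5, -3.2), "r2l": (4.0, -2.5, -3.2)}
    labels = np.repeat(list(offsets), n)
    z = rng.normal(0.0, 0.3, size=(len(labels), 8))
    for name, shift in offsets.items():
        z[labels == name, :3] += shift
    # Fixed rotation so the raw features are mixtures of the latent axes.
    mix, _ = np.linalg.qr(rng.normal(size=(8, 8)))
    return z @ mix, labels

def pca(x):
    """Return component scores and explained-variance ratios, largest first."""
    centered = x - x.mean(axis=0)
    eigval, eigvec = np.linalg.eigh(np.cov(centered, rowvar=False))
    order = np.argsort(eigval)[::-1]
    return centered @ eigvec[:, order], eigval[order] / eigval.sum()

def select_components(scores, ratio, labels, min_ratio=0.05):
    """Keep components where the probe mean and normal mean differ in sign.

    Components below min_ratio of the variance are skipped, because the sign
    of a near-zero mean on a noise component carries no information.
    """
    keep = []
    for k in range(scores.shape[1]):
        m_normal = scores[labels == "normal", k].mean()
        m_probe = scores[labels == "probe", k].mean()
        if ratio[k] >= min_ratio and m_normal * m_probe < 0:
            keep.append(k)
    return keep

if __name__ == "__main__":
    x, labels = make_sample()
    scores, ratio = pca(x)
    keep = select_components(scores, ratio, labels)
    reduced = scores[:, keep]
    print("kept components:", keep, "shape:", reduced.shape,
          "reduction:", 1 - len(keep) / x.shape[1])
```

The second-largest component is rejected even though it carries more variance than the third, because normal and probe records share its sign; the criterion is therefore not the same as keeping the top two components by variance.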
ITB Journal Publisher, LPPM – ITB,
Center for Research and Community Services (CRCS) Building Floor 7th,
Jl. Ganesha No. 10 Bandung 40132, Indonesia,