{"title":"Intelligent architecture based on MAS and CBR for intrusion detection","authors":"Mohssine El Ajjouri, S. Benhadou, H. Medromi","doi":"10.1109/JNS4.2014.6850123","DOIUrl":null,"url":null,"abstract":"The agents used in the intrusion detection architectures have multiple characteristics namely delegation, cooperation and communication. However, an important property of agents: learning is not used. The concept of learning in existing IDSs used in general to learn the normal behavior of the system to secure. For this, normal profiles are built in a dedicated training phase, these profiles are then compared with the current activity. Thus, the IDS does not have the ability to detect new attacks. We propose in this paper, a new architecture based intrusion MAS adding a learning feature abnormal behaviors that correspond to new attack patterns detection. Thanks to this feature to update the knowledge base of attacks take place when a new plan of attack is discovered. To learn a new attack, the architecture must detect at first and then update the basic attack patterns. For the detection step, the detection approach adopted is based on the technique of Case-Based Reasoning (CBR). Thus, the proposed architecture is based on a hierarchical and distributed strategy where features are structured and separated into layers.","PeriodicalId":228109,"journal":{"name":"Proceedings of the 4th Edition of National Security Days (JNS4)","volume":"11 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-05-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 4th Edition of National Security Days (JNS4)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/JNS4.2014.6850123","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 4
Abstract
The agents used in the intrusion detection architectures have multiple characteristics namely delegation, cooperation and communication. However, an important property of agents: learning is not used. The concept of learning in existing IDSs used in general to learn the normal behavior of the system to secure. For this, normal profiles are built in a dedicated training phase, these profiles are then compared with the current activity. Thus, the IDS does not have the ability to detect new attacks. We propose in this paper, a new architecture based intrusion MAS adding a learning feature abnormal behaviors that correspond to new attack patterns detection. Thanks to this feature to update the knowledge base of attacks take place when a new plan of attack is discovered. To learn a new attack, the architecture must detect at first and then update the basic attack patterns. For the detection step, the detection approach adopted is based on the technique of Case-Based Reasoning (CBR). Thus, the proposed architecture is based on a hierarchical and distributed strategy where features are structured and separated into layers.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
