{"title":"基于多智能体的蜜罐入侵检测系统虚警率提高方法","authors":"B. Khosravifar, Maziar Gomrokchi, J. Bentahar","doi":"10.1109/WAINA.2009.103","DOIUrl":null,"url":null,"abstract":"In this paper we propose a new architecture, which is composed of distributed cooperative agents to reduce the false alarm ratio of the intrusion detection systems (IDS) in a twofold contribution. The first contribution lies in reducing the false alarm rate of the attack detection in an agent-based architecture by using honeypot network as the closer level of investigation. The connection is retrieved to the original destination in case of false alarm recognition, while the actions are hidden to the user. Such a scheme significantly decreases the alarm rate and provides a higher performance of IDS. The second contribution applies the game theoretic analysis in the sense that the contributing agents are led to perform the best they could in order to achieve their goals. The Shaply value is computed to find the actual contribution of each agent in the coalition he belongs to. The Equilibrium Point is found and consequently the winner coalition is formed. In this paper the architecture of the proposed system is described, a theoretical analysis of agents' behavior is given and its possible extensions are explained.","PeriodicalId":159465,"journal":{"name":"2009 International Conference on Advanced Information Networking and Applications Workshops","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-05-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":"{\"title\":\"A Multi-agent-based Approach to Improve Intrusion Detection Systems False Alarm Ratio by Using Honeypot\",\"authors\":\"B. Khosravifar, Maziar Gomrokchi, J. Bentahar\",\"doi\":\"10.1109/WAINA.2009.103\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In this paper we propose a new architecture, which is composed of distributed cooperative agents to reduce the false alarm ratio of the intrusion detection systems (IDS) in a twofold contribution. The first contribution lies in reducing the false alarm rate of the attack detection in an agent-based architecture by using honeypot network as the closer level of investigation. The connection is retrieved to the original destination in case of false alarm recognition, while the actions are hidden to the user. Such a scheme significantly decreases the alarm rate and provides a higher performance of IDS. The second contribution applies the game theoretic analysis in the sense that the contributing agents are led to perform the best they could in order to achieve their goals. The Shaply value is computed to find the actual contribution of each agent in the coalition he belongs to. The Equilibrium Point is found and consequently the winner coalition is formed. In this paper the architecture of the proposed system is described, a theoretical analysis of agents' behavior is given and its possible extensions are explained.\",\"PeriodicalId\":159465,\"journal\":{\"name\":\"2009 International Conference on Advanced Information Networking and Applications Workshops\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-05-26\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"10\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2009 International Conference on Advanced Information Networking and Applications Workshops\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/WAINA.2009.103\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 International Conference on Advanced Information Networking and Applications Workshops","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WAINA.2009.103","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A Multi-agent-based Approach to Improve Intrusion Detection Systems False Alarm Ratio by Using Honeypot
In this paper we propose a new architecture, which is composed of distributed cooperative agents to reduce the false alarm ratio of the intrusion detection systems (IDS) in a twofold contribution. The first contribution lies in reducing the false alarm rate of the attack detection in an agent-based architecture by using honeypot network as the closer level of investigation. The connection is retrieved to the original destination in case of false alarm recognition, while the actions are hidden to the user. Such a scheme significantly decreases the alarm rate and provides a higher performance of IDS. The second contribution applies the game theoretic analysis in the sense that the contributing agents are led to perform the best they could in order to achieve their goals. The Shaply value is computed to find the actual contribution of each agent in the coalition he belongs to. The Equilibrium Point is found and consequently the winner coalition is formed. In this paper the architecture of the proposed system is described, a theoretical analysis of agents' behavior is given and its possible extensions are explained.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
