Fabrizio Basilico
Nicola Basilico
Stefano Zanero
Dipartimento di Elettronica e Informazione
Politecnico di Milano
Piazza Leonardo da Vinci 32, 20133 Milano, Italy
francesco.amigoni@polimi.it, fabrizio.basilico@gmail.com, {basilico,zanero}@elet.polimi.it
Abstract
1. Introduction
Intrusion detection refers to techniques that, by observing the activities of a computer system, are able to identify possible attempts at compromising the confidentiality, integrity, or availability of its resources or services. These attempts are usually called intrusions, and any system for their identification is an Intrusion Detection System (IDS) [4]. IDSs can be broadly divided into two classes. A misuse detection system uses a knowledge base of descriptive patterns of intrusions and looks for sequences of events that match these patterns. Conversely, anomaly detection systems model normality: they embed a model of the normal behavior of a system and look for significant deviations from such a model. While alarms raised by misuse detection systems precisely identify intrusions that occurred, anomaly detection systems output an attack probability which is usually directly proportional to the degree of the detected anomaly. Anomaly detection systems are widely studied because of their potential; for example, they can
978-0-7695-3496-1/08 $25.00 © 2008 IEEE. DOI 10.1109/WIIAT.2008.323
Although the use of autonomous agents for developing configurable, adaptable, scalable, and robust intrusion detection systems has been advocated in recent literature [6, 10, 19], our approach is significantly different. In all the above cases, agents are elements that perform some tasks in the intrusion detection process, for example collecting data over a network, while in our case agents are associated with partial models of network normality. This is one of the main original contributions of this paper. The experimental results we obtained with a prototype are promising and show the potential of our approach for developing better intrusion detection systems. On this point, we explicitly note that, unlike most papers on agent-based intrusion detection systems, we provide a quantitative analysis of our prototype.
2.1 General Architecture

A partial model describes the normal behavior of the network considering only a limited number of factors. Therefore, it represents an approximate view of normality, obtained by considering only some specific aspects. From the anomaly detection point of view, a partial model can be used to identify only a limited set of anomalies, namely the network activities that deviate from its partial view of normality. Hence, our approach translates the problem of building a comprehensive model of network normality into the problem of building several partial models and combining them together. This introduces advantages, including ease of design, because partial models are simpler than complete ones, and modularity, since partial models can be added and removed without affecting the existing ones.

A partial model is used to produce an attack probability following this pattern of activities. (a) Read the current state s_k (at time k) of the network; for example, read the packets transmitted over the network in a recent time interval. (b) Analyze the state s_k, using the approximate view of normality the partial model provides, to find anomalies. (c) Produce an attack probability for state s_k, namely the probability that the identified anomalies reflect an intrusion. Since, starting from the same state s_k, different partial models will produce different attack probabilities, a combination of such models is needed to obtain a global attack probability, namely a global diagnosis of the network state.

We associate each partial model with an agent. Hence, the resulting multiagent system includes different partial models. Given a state s_k of the monitored network, agents iteratively perform two steps. In the first step, each agent individually exploits its partial model to analyze s_k and to produce an attack probability value, according to steps (a)-(c) above. As already discussed, these values are likely to differ across agents, since they are computed according to different views of network normality. In the second step, the agents perform a collective iterative process, a cooperative negotiation, to reach an agreement on a global value for the attack probability. The final agreement can be seen as a shared global diagnosis of the network state s_k, to which all agents (i.e., all partial models) contributed. The two steps are then repeated for the next network state s_{k+1}.

The proposed multiagent IDS is reported in Figure 1. Agents M_1, M_2, ..., M_n embed partial models. The mediator is a sort of system supervisor; its role will be explained in the next section. The extractor agent provides an abstraction level over the network data. It reads, pre-processes, and publishes network data in a shared memory area that other agents can access to read the current network state. The synchronization between data publishing and data reading is enforced by the mediator.
[Figure 1: architecture of the multiagent IDS. Labels: Network, Data, Extractor, Shared memory area, Mediator, agents M_1 ... M_n, Negotiation control.]
2.2 Cooperative Negotiation
In this section, we describe how agents cooperatively negotiate over the attack probability. The negotiation protocol we used is similar to that in [8] and basically extends the classic alternating-offers protocol [17] with the introduction of a mediator. The mediator acts as a central coordinator between the agents {M_i} and synchronizes their activities during the negotiation process. The following sequence of (iterated) activities is denoted as a negotiation session at state s_k:

1. Given the state s_k of the network at time k (as provided by the extractor agent), each agent M_i computes an initial offer p_i^0 for the attack probability using its partial model (the first step described above).
has been defined as the weighted average of the attack probability values offered by the agents, where the weights are the importance values (n is the number of agents taking part in the negotiation):

$$a^t = A(p_1^t, W_1, p_2^t, W_2, \ldots, p_n^t, W_n) = \frac{\sum_{i=1}^{n} p_i^t W_i}{\sum_{i=1}^{n} W_i}$$

From the above formula, it can be seen that in our cooperative negotiation framework the influence of an agent on the current agreement is directly proportional to its importance value. Importance is constant during a negotiation session, since its value depends only on the currently observed state. In the proposed architecture, importance is computed according to the following principle: the more evidently an anomaly has been identified using a partial model, the more important the agent associated with that model. The importance of an agent M_i is computed according to Figure 2. Given an attack probability p produced using the partial model of M_i in the current state s_k, if p ≤ p_l then the agent is in a low-level alarm phase and its importance is equal to W_min. Analogously, if p ≥ p_h the agent is in a high-level alarm phase and its importance is equal to W_max. If p_l < p < p_h, importance is computed as a linear interpolation between W_min and W_max.
[Figure 2: importance W of an agent as a function of its offered attack probability p: W_min for p ≤ p_l, linear interpolation between W_min and W_max for p_l < p < p_h, W_max for p ≥ p_h.]
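The following is an added example, not code from the paper or its prototype. It implements the partial-model pattern (a)-(c) of Section 2.1 and the mediator side of a negotiation session from Section 2.2: each agent offers an attack probability for the current state s_k, the importance function of Figure 2 assigns a weight to each offer, and the agreement A combines them. The thresholds p_l = 0.3 and p_h = 0.8 are taken from the experimental setup; the numeric values of W_min and W_max, the "excess over baseline" toy models, their baselines, and the sample window are all assumptions made here and stand in for the paper's own Syn-Flags, Reset-Flags and Port-Ranking models, whose internals are not given on the page.

```python
# Added example (not the paper's code): partial-model agents, the importance
# function of Figure 2, and the importance-weighted agreement of Section 2.2.
from dataclasses import dataclass
from typing import Dict, Iterable, Tuple

P_L, P_H = 0.3, 0.8            # alarm thresholds, from the paper's experimental setup
W_MIN, W_MAX = 1.0, 10.0       # assumed: the page gives no numbers for Wmin / Wmax
ATTACK_THRESHOLD = 0.8         # global probability above which an attack is declared


def importance(p: float, p_l: float = P_L, p_h: float = P_H,
               w_min: float = W_MIN, w_max: float = W_MAX) -> float:
    """Importance W of an agent that offered attack probability p (Figure 2):
    W_min up to p_l, W_max from p_h, linear interpolation in between."""
    if not 0.0 <= p <= 1.0:
        raise ValueError(f"attack probability out of range: {p}")
    if p <= p_l:
        return w_min
    if p >= p_h:
        return w_max
    return w_min + (w_max - w_min) * (p - p_l) / (p_h - p_l)


def agreement(offers: Dict[str, float], weights: Dict[str, float]) -> float:
    """Agreement a = sum_i p_i W_i / sum_i W_i over the agents' offers."""
    total_weight = sum(weights[name] for name in offers)
    if total_weight <= 0.0:
        raise ValueError("importance values must sum to a positive number")
    return sum(offers[name] * weights[name] for name in offers) / total_weight


@dataclass(frozen=True)
class NetworkState:
    """Constructed summary of one observation window s_k (counts per window)."""
    syn: int             # TCP segments with SYN set
    rst: int             # TCP segments with RST set
    distinct_ports: int  # distinct destination ports contacted


@dataclass(frozen=True)
class PartialModelAgent:
    """Toy partial model (assumption, not the paper's): maps the excess of one
    counter over its learned baseline to an attack probability in [0, 1]."""
    name: str
    feature: str
    baseline: float      # assumed normal value of the counter
    spread: float        # excess over the baseline that saturates the probability

    def offer(self, state: NetworkState) -> float:
        """Steps (a)-(c): read s_k, measure the deviation, produce a probability."""
        excess = getattr(state, self.feature) - self.baseline
        return min(1.0, max(0.0, excess / self.spread))


def diagnose(agents: Iterable[PartialModelAgent],
             state: NetworkState) -> Tuple[float, Dict[str, float], Dict[str, float]]:
    """Mediator side of one session: collect the initial offers p_i^0, assign
    importance values, and compute the global attack probability."""
    offers = {agent.name: agent.offer(state) for agent in agents}
    weights = {name: importance(p) for name, p in offers.items()}
    return agreement(offers, weights), offers, weights


# Three agents named after the paper's models; parameters are assumptions.
AGENTS = (
    PartialModelAgent("Syn-Flags", "syn", baseline=200, spread=2000),
    PartialModelAgent("Reset-Flags", "rst", baseline=50, spread=500),
    PartialModelAgent("Port-Ranking", "distinct_ports", baseline=40, spread=200),
)

# Constructed window: a SYN flood that only the Syn-Flags model sees as anomalous.
SYN_FLOOD = NetworkState(syn=3000, rst=60, distinct_ports=45)


if __name__ == "__main__":
    global_p, offers, weights = diagnose(AGENTS, SYN_FLOOD)
    for name in offers:
        print(f"{name:13s} offer={offers[name]:.3f} importance={weights[name]:.1f}")
    print(f"negotiated attack probability: {global_p:.3f}")
    print(f"plain average of offers:       {sum(offers.values()) / len(offers):.3f}")
    print("attack" if global_p > ATTACK_THRESHOLD else "no attack")
```

The point of the sample window is the difference between the importance-weighted agreement and a plain average: one agent with a strong anomaly (offer 1.0, importance W_max) pulls the global probability above the 0.8 decision threshold, while the two agents that saw nothing unusual keep W_min and barely move it; a plain average of the same three offers stays well below the threshold.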
3. Experimental Results
In this section, we describe the experimental validation
of our multiagent IDS. Specifically, we describe the implemented prototype and its experimental evaluation.
3.1
patt =
3.3
The experimental evaluation we conducted was devoted to validating the viability of our approach, not to assessing its absolute performance. Due to space limitations, we report only a small portion of our experimental results.

We first present the results obtained employing all three partial models, each one associated with an agent. Attacks are considered to be identified when the attack probability is larger than 0.8. Results show a 62.26% true positive rate and a 0.89% false positive rate. These are good, especially considering the very simple partial models used. The attacks that have not been identified are mainly attacks that cannot be identified by our three partial models. An example is an httptunnel attack performed with low-frequency connections, which does not produce any anomaly in the network data. However, these attacks could be identified by adding other partial models. Although our results may seem worse than some others shown in the literature, the comparison is not easy, for a number of reasons. For example, the system in [6] has been reported to achieve a true positive rate of 83.33% with no false positives. However, these results were obtained on a training data set (during the learning of the fuzzy classifier rules, see next section) and with only two possible attacks. To the best of our knowledge, no performance result of that system over a testing data set has been published. We explicitly note that this is a common situation for agent-based IDSs, for which quantitative experimental evaluations are hard to find in published papers. For example, the recent work in [16] presents anecdotal experimental results that show the ability of the system to distinguish different attacks, but does not present any complete assessment of system performance, as we try to do in this paper.

As a second experiment, we present the performance of the system when varying the number of agents. Given a configuration, its performance can be described by pairs of false positive and true positive rates over the data set, each of them computed for a different value of the probability threshold. These results can be graphically represented with a ROC curve. The larger the area under a ROC curve, the better the performance of the corresponding configuration. ROC curves for different system configurations are plotted in Figure 4. Performance improves when increasing the number of agents in the system: the configurations of the
Rank at state s_k (port ranking)

PORT  SCORE
Q     175
O     120
F      95
E      80
G      75
3.2 Experimental Evaluation

Implementation details

System parameters: T = 180 s; t = 60 s; p_l = 0.3; p_h = 0.8; L, H, W_min, W_max.

Model parameters: Syn-Flags, Reset-Flags: 600, 600, 0.4, 15, 20, 70, 90; Port-Ranking: 600, 5, 0.4, 10, 50.
[Figure 4: ROC curves (true positive rate against false positive rate) for the system configurations: Complete configuration; Complete configuration without negotiation; Double configuration: Reset-Flags and Port-Ranking; Double configuration: Syn-Flags and Reset-Flags; Double configuration: Syn-Flags and Port-Ranking; Baseline.]
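The following is an added example, not code from the paper, showing how the performance description of Section 3.2 is computed: for one configuration, the pairs of true positive and false positive rates obtained by sweeping the probability threshold, the resulting ROC points, and the area under the curve. It uses the paper's decision rule (an attack is identified when the attack probability is strictly larger than the threshold); the ten probabilities and labels are constructed data, not results from the paper.

```python
# Added example (not the paper's code): ROC points and area under the curve
# for one IDS configuration, sweeping the attack-probability threshold.
from typing import List, Sequence, Tuple

# Constructed data: negotiated attack probability for ten observation windows
# and whether each window actually contained an attack (1) or not (0).
SCORES = [0.95, 0.85, 0.82, 0.60, 0.55, 0.40, 0.30, 0.20, 0.10, 0.05]
LABELS = [1, 1, 0, 1, 0, 0, 1, 0, 0, 0]


def rates_at(threshold: float, scores: Sequence[float],
             labels: Sequence[int]) -> Tuple[float, float]:
    """(true positive rate, false positive rate) when an attack is declared
    for every window whose probability is strictly above `threshold`."""
    positives = sum(labels)
    negatives = len(labels) - positives
    if positives == 0 or negatives == 0:
        raise ValueError("need both attack and normal windows")
    tp = sum(1 for s, y in zip(scores, labels) if y == 1 and s > threshold)
    fp = sum(1 for s, y in zip(scores, labels) if y == 0 and s > threshold)
    return tp / positives, fp / negatives


def roc_curve(scores: Sequence[float],
              labels: Sequence[int]) -> List[Tuple[float, float]]:
    """Distinct (fpr, tpr) points for every threshold that changes a decision,
    from 'nothing flagged' (threshold 1.0) to 'everything flagged'."""
    thresholds = [1.0] + sorted(set(scores), reverse=True) + [float("-inf")]
    points = set()
    for thr in thresholds:
        tpr, fpr = rates_at(thr, scores, labels)
        points.add((fpr, tpr))
    # A ROC curve is monotone, so sorting by (fpr, tpr) restores the sweep order.
    return sorted(points)


def auc(points: Sequence[Tuple[float, float]]) -> float:
    """Trapezoidal area under a ROC curve given as sorted (fpr, tpr) points."""
    area = 0.0
    for (x0, y0), (x1, y1) in zip(points, points[1:]):
        area += (x1 - x0) * (y0 + y1) / 2.0
    return area


if __name__ == "__main__":
    # The single operating point the paper reports corresponds to threshold 0.8.
    tpr, fpr = rates_at(0.8, SCORES, LABELS)
    print(f"threshold 0.8: TPR={tpr:.3f} FPR={fpr:.3f}")
    curve = roc_curve(SCORES, LABELS)
    for fpr, tpr in curve:
        print(f"FPR={fpr:.3f} TPR={tpr:.3f}")
    print(f"AUC={auc(curve):.4f}")
```

Running the same sweep on the scores of several configurations (for example, with and without negotiation, or with two of the three agents removed) and comparing the resulting areas is exactly the comparison Figure 4 makes; the area is also the probability that a randomly chosen attack window receives a higher attack probability than a randomly chosen normal window, which for the constructed data is 20 of 24 pairs.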
4. Related Works
Agents are employed in IDSs in two broad ways. On the one hand, they are used as a technology for implementing IDSs; examples are the use of mobile agents for collecting and processing information around a network [11]. On the other hand, agents are used as a paradigm for developing IDSs and their architectures: in this case, IDSs are designed by associating agents with key elements of the system. Since the system proposed in this paper follows the second approach, in the remainder of this section we concentrate on the most significant systems that use agents mainly as a design concept. We note that the main difference between these systems and ours is that we associate agents with partial models and not with structural elements of the IDS (like data processing and monitoring elements).

AAFID (Autonomous Agents for Intrusion Detection) [19] is one of the earliest agent-based IDSs. Each host on the network has a number of agents collecting and analyzing data to generate reports that are sent to a transceiver.
5. Conclusions

In this paper we have presented an original approach to the development of IDSs that is based on the integration of several different partial models, each representing a specific aspect of the normality of a network. Partial models are harmonized by embedding them in agents and by letting these agents cooperatively negotiate over the attack probability. The experimental results are encouraging and make us confident that using more sophisticated partial models will lead to systems that may compete with more traditional IDSs. Note that, while in principle cooperative negotiation can be replaced by an equivalent process centralized in the mediator, our approach is more flexible because it facilitates changes to the composition of the system. For example, adding a new partial model (e.g., Port-Ranking) to the system is straightforward and does not require any modification to the other partial models, as shown in the experimental results, while adding a new partial model to a centralized system is more complex.

Future work can address different aspects. For example, real use of our agent-based IDS, beyond better partial models and a deeper analysis of their correlation, requires addressing some real-time and scalability issues. Another direction of work is the improvement of the cooperative negotiation mechanism, to allow the agents to reach a shared agreement with some guarantee on the time bound within which this agreement will be reached.

References

[1] F. Amigoni, A. Beda, and N. Gatti. Combining multi-sensor rate-adaptive pacing algorithms via multiagent negotiation. IEEE Transactions on Information Technology in Biomedicine, 10(1):11-18, 2006.
[2] F. Amigoni, M. Dini, N. Gatti, and M. Somalvico. Anthropic agency: A multiagent system for physiological processes. Artificial Intelligence in Medicine, 27(3):305-334, 2003.
[3] F. Amigoni and N. Gatti. A formal framework for connective stability of highly decentralized cooperative negotiations. Autonomous Agents and Multi-Agent Systems, 15(3):253-279, 2007.
[4] R. Bace. Intrusion Detection. Macmillan Publishing, 2000.
[5] J. Bigham and L. Du. Cooperative negotiation in a multi-agent system for real-time load balancing of a mobile cellular network. In Proc. AAMAS, pages 568-575, 2003.
[6] D. Dasgupta, F. Gonzalez, K. Yallapu, J. Gomez, and R. Yarramsettii. CIDS: An agent-based intrusion detection system. Computers & Security, 24(5):387-398, 2005.
[7] D. Denning. An intrusion-detection model. IEEE Transactions on Software Engineering, 13(2):222-232, 1987.
[8] N. Gatti and F. Amigoni. A cooperative negotiation protocol for physiological model combination. In Proc. AAMAS, pages 656-663, 2004.
[9] A. Ghosh and S. Sen. Agent-based distributed intrusion alert system. In Proc. IWDC, volume LNCS 3326, pages 240-251, 2004.
[10] V. Gowadia, C. Farkas, and M. Valtorta. PAID: A probabilistic agent-based intrusion detection system. Computers & Security, 24(7):529-545, 2005.
[11] G. Helmer, J. Wong, V. Honavar, and L. Miller. Lightweight agents for intrusion detection. Journal of Systems and Software, 67(2):109-122, 2003.
[12] W. Lee, S. Stolfo, and K. Mok. Mining in a data-flow environment: Experience in network intrusion detection. In Proc. KDD, pages 114-124, 1999.
[13] R. Lippmann, J. Haines, D. Fried, J. Korba, and K. Das. Analysis and results of the 1999 DARPA off-line intrusion detection evaluation. In Proc. RAID, pages 162-182, 2000.
[14] M. Mahoney and P. Chan. Learning nonstationary models of normal network traffic for detecting novel attacks. In Proc. KDD, pages 376-385, 2002.
[15] R. Mailler, V. Lesser, and B. Horling. Cooperative negotiation for soft real-time distributed resource allocation. In Proc. AAMAS, pages 576-583, 2003.
[16] M. Rehak, M. Pechoucek, K. Bartos, M. Grill, P. Celeda, and V. Krmicek. CAMNEP: An intrusion detection system for high-speed networks. Progress in Informatics, 5:65-74, 2008.
[17] A. Rubinstein. Perfect equilibrium in a bargaining model. Econometrica, 50(1):97-109, 1982.
[18] M. Shajari and A. Ghorbani. Application of belief-desire-intention agents in intrusion detection & response. In Proc. PST, pages 181-191, 2004.
[19] E. Spafford and D. Zamboni. Intrusion detection using autonomous agents. Computer Networks, 34:547-570, 2000.
[20] S. Zanero. Analyzing TCP traffic patterns using self organizing maps. In Proc. ICIAP, volume LNCS 3617, pages 83-90, 2005.
[21] S. Zanero. Unsupervised Learning Algorithms for Intrusion Detection. PhD thesis, Politecnico di Milano, Milano, Italy, 2006.