A Multi Agent System for Flow-Based Intrusion Detection Using Reputation and Evolutionary Computation
AIR FORCE INST OF TECH WRIGHT-PATTERSON AFB OH SCHOOL OF ENGINEERING AND MANAGEMENT
The rising sophistication of cyber threats as well as the improvement of physical computer network properties present increasing challenges to contemporary Intrusion Detection (ID) techniques. To respond to these challenges, a multi agent system (MAS) coupled with flow-based ID techniques may effectively complement traditional ID systems. This paper develops (1) a scalable software architecture for a new, self-organized, multi agent, flow-based ID system and (2) a network simulation environment suitable for evaluating implementations of this MAS architecture and for other research purposes. Self-organization is achieved via (1) a reputation system that influences agent mobility in the search for effective vantage points in the network and (2) multi objective evolutionary algorithms that seek effective operational parameter values. This paper illustrates, through quantitative and qualitative evaluation, (1) the conditions for which the reputation system provides a significant benefit and (2) essential functionality of a complex network simulation environment supporting a broad range of malicious activity scenarios. These results establish an optimistic outlook for further research in flow-based multi agent systems for ID in computer networks.
- Computer Systems Management and Standards