Accession Number:

ADA540167

Title:

A Multi Agent System for Flow-Based Intrusion Detection Using Reputation and Evolutionary Computation

Descriptive Note:

Master's thesis

Corporate Author:

AIR FORCE INST OF TECH WRIGHT-PATTERSON AFB OH SCHOOL OF ENGINEERING AND MANAGEMENT

Personal Author(s):

Report Date:

2011-03-01

Pagination or Media Count:

179.0

Abstract:

The rising sophistication of cyber threats as well as the improvement of physical computer network properties present increasing challenges to contemporary Intrusion Detection (ID) techniques. To respond to these challenges, a multi agent system (MAS) coupled with flow-based ID techniques may effectively complement traditional ID systems. This paper develops (1) a scalable software architecture for a new, self-organized, multi agent, flow-based ID system and (2) a network simulation environment suitable for evaluating implementations of this MAS architecture and for other research purposes. Self-organization is achieved via (1) a reputation system that influences agent mobility in the search for effective vantage points in the network and (2) multi objective evolutionary algorithms that seek effective operational parameter values. This paper illustrates, through quantitative and qualitative evaluation, (1) the conditions for which the reputation system provides a significant benefit and (2) essential functionality of a complex network simulation environment supporting a broad range of malicious activity scenarios. These results establish an optimistic outlook for further research in flow-based multi agent systems for ID in computer networks.

Subject Categories:

  • Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE