Iowa State University

 

Center for Computational Intelligence, Learning, & Discovery

 

 

 

Multi-Agent Systems for Integrated Host and Network Based Intrusion Detection

 

Personnel

Dr. Johnny Wong, Professor of Computer Science, Principal Investigator

Dr. Vasant Honavar, Professor of Computer Science and of Bioinformatics and Computational Biology, Co-Principal Investigator

Dr. Les Miller, Professor of Computer Science, Co-Principal Investigator

 

Summary

This research was aimed at the development of approaches for monitoring complex Distributed Systems (e.g., computer systems, communication networks, power systems) for coordinated attacks using information from multiple are equipped with sensors and measurement devices. Both host and network-based approaches were investigated as part of this research. Results of this research include:

  • New tools for formal specification of intrusions using colored Petri nets and software fault trees (Helmer et al., 2002)
  • Design and implementation of a multi-agent system for detection of coordinated or concerted attacks on distributed computing systems, in particular by monitoring different processes, resources, users, and events, and by extracting and integrating relevant information from disparate sources over multiple space and time scales (Wong et al., 2001; Helmer et al., 2003; Wang et al., 2005)
  • Development of data mining approaches for learning predictive rules for anomaly and misuse detection (Helmer et al., 2002).

 

Funding

This research was funded in part by a grant from the United States Department of Defense.

 

Representative Publications

  1. Helmer, G., Wong, J., Slagell, M., Honavar, V., Miller, L., Wang, Y., Wang, X., and Stakhanova, N. Software Fault Tree and Colored Petri Net Based Specification, Design, and Implementation of Agent-Based Intrusion Detection Systems. International Journal of Information and Computer Security. Vol. 1. No. 1, Accepted, 2006.
  2. Kang, D-K., Fuller, D., and Honavar, V. Learning Misuse and Anomaly Detectors from System Call Frequency Vector Representation. IEEE International Conference on Intelligence and Security Informatics. Springer-Verlag Lecture Notes in Computer Science, Springer-Verlag. Vol. 3495. pp. 511-516, 2005.
  3. Kang, D-K., Fuller, D., and Honavar, V. Learning Classifiers for Misuse and Anomaly Detection Using a Bag of System Calls Representation. Proceedings of the 6th IEEE Systems, Man, and Cybernetics Workshop (IAW 05), West Point, NY, IEEE. pp. 118-125, 2005.
  4. Wang, Y., Behera, S., Wong, J., Helmer, G., Honavar, V., Miller, L., and Lutz, R. Towards Automatic Generation of Mobile Agents for Distributed Intrusion Detection Systems. Journal of Systems and Software, Accepted, 2004.
  5. Helmer, G., Wong, J., Honavar, V., and Miller, L. Lightweight Agents for Intrusion Detection. Journal of Systems and Software. Vol. 67. No. 2. pp. 109-122, 2003.
  6. Helmer, G., Wong, J., Honavar, V., and Miller, L. Automated Discovery of Concise Predictive Rules for Intrusion Detection. Journal of Systems and Software. Vol. 60. No. 3. pp. 165-175, 2002.

  7. Helmer, G., Wong, J., Slagell, M., Honavar, V., Miller, L., and Lutz, R. A Software Fault Tree Approach to Requirements Specification of an Intrusion Detection System. Requirements Engineering. Vol. 7. No. 4. pp. 207-220, 2002.
  8. Wong, J., Helmer, G., Naganathan, V., Polavarapu, S., Honavar, V., and Miller, L. SMART Mobile Agent Facility. Journal of Systems and Software. Vol. 56. No. 1. pp. 9-22, 2001.
  9. Honavar, V., Miller, L., and Wong, J. Distributed Knowledge Networks. Proceedings of the IEEE Information Technology Conference, Syracuse, NY, IEEE Press, 1998.
  10. Helmer, G., Wong, J., Honavar, V., and Miller, L. Intelligent Agents for Intrusion Detection. Proceedings of the IEEE Information Technology Conference, Syracuse, NY, 1998.
  11. Honavar, V., Miller, L., and Wong, J. Distributed Knowledge Networks. In: Unifying Themes in Complex Systems (Ed. Bar-Yam, Y., and Minai, A.), Perseus Books 2004.


Center for Computational Intelligence, Learning, & Discovery
214 Atanasoff Hall
Ames, IA 50011-1041

Phone: (515)294-9074
Fax:    (515)294-0258