Intrusion detection systems (IDS) are security tools designed to monitor computer systems for suspicious events. To reduce the risk of intrusion, which is one of the threats to computer security, a team of researchers at UC3M have unveiled a multi-agent system that identifies suspicious events and autonomously determines whether or not any action should be taken. According to Professor Agustin Orfila of the Department of Informatics of the UC3M, both these are desirable features in an IDS.
At present, Spain lags behind in advancing investigations in multi-agent architectures for IDS compared to other countries. According to the investigator, the innovation behind the study is the use of deliberative agents that can adapt to the surroundings they are confronted with, and consider their past success in an independent manner to decide whether or not they should respond when facing a suspect event. This is achieved by using a “quantitative model that weighs the loss that an intrusion would provoke against the cost of taking responsive action”, Professor Orfila indicates. In this way, the IDS multi-agent determines the best system configuration for each scenario and decides if a response is appropriate, quantifying to what extent IDS supports the calculated decision. One of the most common intrusions attacks are the “port scan attack” (searching for open ports), denial-of-service attack, achieving unrestricted access to the target computer and triying to acces a computer remotely.
Farewell to intrusions
According to the National Institute of Standards and Technologies of the United States, “Intrusion detection is the process of detecting unauthorized use of, or attack upon, a computer or network. IDSs are software or hardware systems that detect such misuse.” Professor Orfila adds that an agent should be imparted with capabilities such as reactivity, sociability, self-initiative, adaptation, mobility, with a final result of representing a person. “In this way, the IDS multi-agent architecture allows us to distribute the detection load and better co-ordinate the process, with the consequence of accomplishing a more efficient detection”, explains the professor.
Security administrators would be the ideal users for the system because “it would allow them to quantify the value that the IDS attaches to its decisions and moreover, it would indicate how to adequately tune the IDS to its environment”, states Professor Orfila. Nevertheless, in order to implement its use, he adds, the IDS would have to be adapted to the traffic of the real network, the system would require to be trained for the concrete surroundings and the functionality would have to be evaluated in this real environment.
This study, published in the magazine Computer Communication under the title “Autonomous decision on intrusion detection with trained BDI agents”, has been developed by Agustín Orfila, Javier Carbó and Arturo Ribagorda, of the Grupo de Seguridad de las Tecnologías de la Información y las Comunicaciones and the Grupo de Inteligencia Artificial Aplicada of the Departamento de Informática of the UC3M.
Oficina de Información Científic | alfa
Construction of practical quantum computers radically simplified
05.12.2016 | University of Sussex
UT professor develops algorithm to improve online mapping of disaster areas
29.11.2016 | University of Tennessee at Knoxville
In recent years, lasers with ultrashort pulses (USP) down to the femtosecond range have become established on an industrial scale. They could advance some applications with the much-lauded “cold ablation” – if that meant they would then achieve more throughput. A new generation of process engineering that will address this issue in particular will be discussed at the “4th UKP Workshop – Ultrafast Laser Technology” in April 2017.
Even back in the 1990s, scientists were comparing materials processing with nanosecond, picosecond and femtosesecond pulses. The result was surprising:...
Have you ever wondered how you see the world? Vision is about photons of light, which are packets of energy, interacting with the atoms or molecules in what...
A multi-institutional research collaboration has created a novel approach for fabricating three-dimensional micro-optics through the shape-defined formation of porous silicon (PSi), with broad impacts in integrated optoelectronics, imaging, and photovoltaics.
Working with colleagues at Stanford and The Dow Chemical Company, researchers at the University of Illinois at Urbana-Champaign fabricated 3-D birefringent...
In experiments with magnetic atoms conducted at extremely low temperatures, scientists have demonstrated a unique phase of matter: The atoms form a new type of quantum liquid or quantum droplet state. These so called quantum droplets may preserve their form in absence of external confinement because of quantum effects. The joint team of experimental physicists from Innsbruck and theoretical physicists from Hannover report on their findings in the journal Physical Review X.
“Our Quantum droplets are in the gas phase but they still drop like a rock,” explains experimental physicist Francesca Ferlaino when talking about the...
The Max Planck Institute for Physics (MPP) is opening up a new research field. A workshop from November 21 - 22, 2016 will mark the start of activities for an innovative axion experiment. Axions are still only purely hypothetical particles. Their detection could solve two fundamental problems in particle physics: What dark matter consists of and why it has not yet been possible to directly observe a CP violation for the strong interaction.
The “MADMAX” project is the MPP’s commitment to axion research. Axions are so far only a theoretical prediction and are difficult to detect: on the one hand,...
16.11.2016 | Event News
01.11.2016 | Event News
14.10.2016 | Event News
07.12.2016 | Health and Medicine
07.12.2016 | Life Sciences
07.12.2016 | Health and Medicine