Intrusion detection systems (IDS) are security tools designed to monitor computer systems for suspicious events. To reduce the risk of intrusion, which is one of the threats to computer security, a team of researchers at UC3M have unveiled a multi-agent system that identifies suspicious events and autonomously determines whether or not any action should be taken. According to Professor Agustin Orfila of the Department of Informatics of the UC3M, both these are desirable features in an IDS.
At present, Spain lags behind in advancing investigations in multi-agent architectures for IDS compared to other countries. According to the investigator, the innovation behind the study is the use of deliberative agents that can adapt to the surroundings they are confronted with, and consider their past success in an independent manner to decide whether or not they should respond when facing a suspect event. This is achieved by using a “quantitative model that weighs the loss that an intrusion would provoke against the cost of taking responsive action”, Professor Orfila indicates. In this way, the IDS multi-agent determines the best system configuration for each scenario and decides if a response is appropriate, quantifying to what extent IDS supports the calculated decision. One of the most common intrusions attacks are the “port scan attack” (searching for open ports), denial-of-service attack, achieving unrestricted access to the target computer and triying to acces a computer remotely.
Farewell to intrusions
According to the National Institute of Standards and Technologies of the United States, “Intrusion detection is the process of detecting unauthorized use of, or attack upon, a computer or network. IDSs are software or hardware systems that detect such misuse.” Professor Orfila adds that an agent should be imparted with capabilities such as reactivity, sociability, self-initiative, adaptation, mobility, with a final result of representing a person. “In this way, the IDS multi-agent architecture allows us to distribute the detection load and better co-ordinate the process, with the consequence of accomplishing a more efficient detection”, explains the professor.
Security administrators would be the ideal users for the system because “it would allow them to quantify the value that the IDS attaches to its decisions and moreover, it would indicate how to adequately tune the IDS to its environment”, states Professor Orfila. Nevertheless, in order to implement its use, he adds, the IDS would have to be adapted to the traffic of the real network, the system would require to be trained for the concrete surroundings and the functionality would have to be evaluated in this real environment.
This study, published in the magazine Computer Communication under the title “Autonomous decision on intrusion detection with trained BDI agents”, has been developed by Agustín Orfila, Javier Carbó and Arturo Ribagorda, of the Grupo de Seguridad de las Tecnologías de la Información y las Comunicaciones and the Grupo de Inteligencia Artificial Aplicada of the Departamento de Informática of the UC3M.
Oficina de Información Científic | alfa
Ultra-precise chip-scale sensor detects unprecedentedly small changes at the nanoscale
18.01.2017 | The Hebrew University of Jerusalem
Data analysis optimizes cyber-physical systems in telecommunications and building automation
18.01.2017 | Fraunhofer-Institut für Algorithmen und Wissenschaftliches Rechnen SCAI
For the first time ever, a cloud of ultra-cold atoms has been successfully created in space on board of a sounding rocket. The MAIUS mission demonstrates that quantum optical sensors can be operated even in harsh environments like space – a prerequi-site for finding answers to the most challenging questions of fundamental physics and an important innovation driver for everyday applications.
According to Albert Einstein's Equivalence Principle, all bodies are accelerated at the same rate by the Earth's gravity, regardless of their properties. This...
An important step towards a completely new experimental access to quantum physics has been made at University of Konstanz. The team of scientists headed by...
Yersiniae cause severe intestinal infections. Studies using Yersinia pseudotuberculosis as a model organism aim to elucidate the infection mechanisms of these...
Researchers from the University of Hamburg in Germany, in collaboration with colleagues from the University of Aarhus in Denmark, have synthesized a new superconducting material by growing a few layers of an antiferromagnetic transition-metal chalcogenide on a bismuth-based topological insulator, both being non-superconducting materials.
While superconductivity and magnetism are generally believed to be mutually exclusive, surprisingly, in this new material, superconducting correlations...
Laser-driving of semimetals allows creating novel quasiparticle states within condensed matter systems and switching between different states on ultrafast time scales
Studying properties of fundamental particles in condensed matter systems is a promising approach to quantum field theory. Quasiparticles offer the opportunity...
19.01.2017 | Event News
10.01.2017 | Event News
09.01.2017 | Event News
23.01.2017 | Health and Medicine
23.01.2017 | Physics and Astronomy
23.01.2017 | Process Engineering