Int. J. of Agent-Oriented Software Engineering   »   2007 Vol.1, No.2



Title: Agent-oriented network intrusion detection system using data mining approaches


Author: Tak-Chung Fu, Chung-Leung Lui


Data Cog Corporation Ltd., China Aerospace Centre, Unit 1201, 12/F, 143 Hoi Bun Road, Kwun Tong, Kowloon, Hong Kong.
Data Cog Corporation Ltd., China Aerospace Centre Unit 1201, 12/F, 143 Hoi Bun Road, Kwun Tong, Kowloon, Hong Kong


Abstract: Most of the existing commercial Network Intrusion Detection System (NIDS) products are signature-based but not adaptive. In this paper, an adaptive NIDS using data mining technology is developed. Data mining approaches are used to accurately capture the actual behaviour of network traffic, and the portfolio mined is useful for differentiating 'normal' and 'attack' traffics. On the other hand, most of the current researches use only one engine for detection of various attacks; the proposed system, which is constructed by a number of agents, is totally different in both training and detecting processes. Each of the agents has its own strength in capturing a kind of network behaviour and hence the system has strength in detecting different types of attack. In addition, its ability in detecting new types of attack and its higher tolerance to fluctuations were shown. The experimental results showed that the frequent patterns mined from the audit data could be used as reliable agents, which outperformed the traditional signature-based NIDS.


Keywords: network intrusion detection; agents; data mining; clustering; association rules; sequential association rules; agent-oriented software; network behaviour; agent-based systems; multi-agent systems.


DOI: 10.1504/IJAOSE.2007.014403


Int. J. of Agent-Oriented Software Engineering, 2007 Vol.1, No.2, pp.158 - 174


Available online: 05 Jul 2007



Editors Full text accessAccess for SubscribersPurchase this articleComment on this article