Authors: Tak-Chung Fu, Chung-Leung Lui
Addresses: Data Cog Corporation Ltd., China Aerospace Centre, Unit 1201, 12/F, 143 Hoi Bun Road, Kwun Tong, Kowloon, Hong Kong. ' Data Cog Corporation Ltd., China Aerospace Centre Unit 1201, 12/F, 143 Hoi Bun Road, Kwun Tong, Kowloon, Hong Kong
Abstract: Most of the existing commercial Network Intrusion Detection System (NIDS) products are signature-based but not adaptive. In this paper, an adaptive NIDS using data mining technology is developed. Data mining approaches are used to accurately capture the actual behaviour of network traffic, and the portfolio mined is useful for differentiating |normal| and |attack| traffics. On the other hand, most of the current researches use only one engine for detection of various attacks; the proposed system, which is constructed by a number of agents, is totally different in both training and detecting processes. Each of the agents has its own strength in capturing a kind of network behaviour and hence the system has strength in detecting different types of attack. In addition, its ability in detecting new types of attack and its higher tolerance to fluctuations were shown. The experimental results showed that the frequent patterns mined from the audit data could be used as reliable agents, which outperformed the traditional signature-based NIDS.
Keywords: network intrusion detection; agents; data mining; clustering; association rules; sequential association rules; agent-oriented software; network behaviour; agent-based systems; multi-agent systems.
International Journal of Agent-Oriented Software Engineering, 2007 Vol.1 No.2, pp.158 - 174
Published online: 05 Jul 2007 *Full-text access for editors Access for subscribers Purchase this article Comment on this article