Title: A Snort-based agent for a JADE multi-agent intrusion detection system

Authors: E. Mosqueira-Rey, A. Alonso-Betanzos, B. Guijarro-Berdinas, D. Alonso-Rios, J. Lago-Pineiro

Addresses: Department of Computer Science, University of A Coruna, Campus de Elvina, A Coruna, 15071, Spain (all authors)

Abstract: We describe the design of a misuse detection agent, one of the distinct agents in a multi-agent-based intrusion detection system. This system is being implemented in JADE, a well-known multi-agent platform based on Java. The agent analyses the packets in the network connections using a packet sniffer and then creates a data model based on the information obtained. This data model is the input to a rule-based inference engine agent, which uses the Rete algorithm for pattern matching and the rules of the signature-based intrusion detection system Snort. Specifically, an implementation in the Java language, Drools-JBoss Rules, was used, and a parser was implemented that converts Snort rules into Drools rules. The use of object-oriented techniques, together with design patterns, means that the agent is flexible, easily configurable and extensible.

Keywords: misuse detection; intrusion detection; intelligent agents; multi-agent systems; MAS; Snort; network packet sniffing; JADE; Drools-JBoss; agent-based systems; object-oriented techniques; design patterns.

DOI: 10.1504/IJIIDS.2009.023041

International Journal of Intelligent Information and Database Systems, 2009, Vol. 3, No. 1, pp. 107-121

Published online: 08 Feb 2009
