| | |
Summary: Integrating Partial Models of Network Normality via Cooperative Negotiation:
An Approach to Development of Multiagent Intrusion Detection Systems
Francesco Amigoni Fabrizio Basilico Nicola Basilico
Stefano Zanero
Dipartimento di Elettronica e Informazione
Politecnico di Milano
Piazza Leonardo da Vinci 32, 20133 Milano, Italy
francesco.amigoni@polimi.it, fabrizio.basilico@gmail.com, {basilico,zanero}@elet.polimi.it
Abstract
Using agents for developing intrusion detection systems
can provide several advantages, including configurability,
adaptability, scalability, and robustness. Almost all works
in agent-based intrusion detection have considered agents
as elements that perform specific tasks in the intrusion de-
tection process. In this paper, we propose a novel way of
using agents to solve one of the most pressing problems in
intrusion detection: the definition of an accurate model of
network normality. We consider agents as associated to
partial models of network normality that harmonize their
conflicts via cooperative negotiation. Experimental results
|
