A multi-agent-based approach to improve intrusion detection systems false alarm ratio by using honeypot

Babak Khosravifar, Maziar Gomrokchi, Jamal Bentahar

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

3 Scopus citations

Abstract

In this paper we propose a new architecture, composed of distributed cooperative agents, to reduce the false alarm ratio of intrusion detection systems (IDS) in a twofold contribution. The first contribution lies in reducing the false alarm rate of attack detection in an agent-based architecture by using a honeypot network as the closer level of investigation. The connection is retrieved to the original destination in case of false alarm recognition, while the actions are hidden from the user. Such a scheme significantly decreases the alarm rate and provides higher IDS performance. The second contribution applies game-theoretic analysis in the sense that the contributing agents are led to perform the best they can in order to achieve their goals. The Shapley value is computed to find the actual contribution of each agent in the coalition it belongs to. The equilibrium point is found and consequently the winning coalition is formed. In this paper the architecture of the proposed system is described, a theoretical analysis of the agents' behavior is given, and its possible extensions are explained.

Original language: British English
Title of host publication: Proceedings - 2009 International Conference on Advanced Information Networking and Applications Workshops, WAINA 2009
Pages: 97-102
Number of pages: 6
State: Published - 2009
Event: 2009 International Conference on Advanced Information Networking and Applications Workshops, WAINA 2009 - Bradford, United Kingdom
Duration: 26 May 2009 to 29 May 2009

Publication series

Name: Proceedings - International Conference on Advanced Information Networking and Applications, AINA
ISSN (Print): 1550-445X

Conference

Conference: 2009 International Conference on Advanced Information Networking and Applications Workshops, WAINA 2009
Country/Territory: United Kingdom
City: Bradford
Period: 26/05/09 to 29/05/09

Keywords

  • Game theory
  • Honeypot
  • Intrusion detection system
  • Multi-agent system
