ANTIDS: Self-Organized Ant-based Clustering Model for Intrusion Detection System

Security of computers and the networks that connect them is increasingly becoming of great significance. Computer security is defined as the protection of computing systems against threats to confidentiality, integrity, and availability. There are two types of intruders: the external intruders who are unauthorized users of the machines they attack, and internal intruders, who have permission to access the system with some restrictions. Due to the fact that it is more and more improbable to a system administrator to recognize and manually intervene to stop an attack, there is an increasing recognition that ID systems should have a lot to earn on following its basic principles on the behavior of complex natural systems, namely in what refers to self-organization, allowing for a real distributed and collective perception of this phenomena. With that aim in mind, the present work presents a self-organized ant colony based intrusion detection system (ANTIDS) to detect intrusions in a network infrastructure. The performance is compared among conventional soft computing paradigms like Decision Trees, Support Vector Machines and Linear Genetic Programming to model fast, online and efficient intrusion detection systems.Comment: 13 pages, 3 figures, Swarm Intelligence and Patterns (SIP)- special track at WSTST 2005, Muroran, JAPA

Proceedings of the 2nd International Workshop on Security in Mobile Multiagent Systems

This report contains the Proceedings of the Second Workshop on Security on Security of Mobile Multiagent Systems (SEMAS2002). The Workshop was held in Montreal, Canada as a satellite event to the 5th International Conference on Autonomous Agents in 2001. The far reaching influence of the Internet has resulted in an increased interest in agent technologies, which are poised to play a key role in the implementation of successful Internet and WWW-based applications in the future. While there is still considerable hype concerning agent technologies, there is also an increasing awareness of the problems involved. In particular, that these applications will not be successful unless security issues can be adequately handled. Although there is a large body of work on cryptographic techniques that provide basic building-blocks to solve specific security problems, relatively little work has been done in investigating security in the multiagent system context. Related problems are secure communication between agents, implementation of trust models/authentication procedures or even reflections of agents on security mechanisms. The introduction of mobile software agents significantly increases the risks involved in Internet and WWW-based applications. For example, if we allow agents to enter our hosts or private networks, we must offer the agents a platform so that they can execute correctly but at the same time ensure that they will not have deleterious effects on our hosts or any other agents / processes in our network. If we send out mobile agents, we should also be able to provide guarantees about specific aspects of their behaviour, i.e., we are not only interested in whether the agents carry out-out their intended task correctly. They must defend themselves against attacks initiated by other agents, and survive in potentially malicious environments. Agent technologies can also be used to support network security. For example in the context of intrusion detection, intelligent guardian agents may be used to analyse the behaviour of agents on a firewall or intelligent monitoring agents can be used to analyse the behaviour of agents migrating through a network. Part of the inspiration for such multi-agent systems comes from primitive animal behaviour, such as that of guardian ants protecting their hill or from biological immune systems

Bioinspired Principles for Large-Scale Networked Sensor Systems: An Overview

Biology has often been used as a source of inspiration in computer science and engineering. Bioinspired principles have found their way into network node design and research due to the appealing analogies between biological systems and large networks of small sensors. This paper provides an overview of bioinspired principles and methods such as swarm intelligence, natural time synchronization, artificial immune system and intercellular information exchange applicable for sensor network design. Bioinspired principles and methods are discussed in the context of routing, clustering, time synchronization, optimal node deployment, localization and security and privacy

Survival in the e-conomy: 2nd Australian information warfare & security conference 2001

This is an international conference for academics and industry specialists in information warfare, security, and other related fields. The conference has drawn participants from national and international organisations

Performance of Machine Learning and Big Data Analytics paradigms in Cybersecurity and Cloud Computing Platforms

The purpose of the research is to evaluate Machine Learning and Big Data Analytics paradigms for use in Cybersecurity. Cybersecurity refers to a combination of technologies, processes and operations that are framed to protect information systems, computers, devices, programs, data and networks from internal or external threats, harm, damage, attacks or unauthorized access. The main characteristic of Machine Learning (ML) is the automatic data analysis of large data sets and production of models for the general relationships found among data. ML algorithms, as part of Artificial Intelligence, can be clustered into supervised, unsupervised, semi-supervised, and reinforcement learning algorithms

TÉCNICAS INTELIGENTES, AGENTES ADAPTATIVOS Y REPRESENTACIONES ONTOLÓGICAS EN SISTEMAS DE DETECCIÓN DE INTRUSOS

RESUMEN La seguridad Informática requiere una optimización permanente de los mecanismos de protección y estrategias que permitan prevenir ataques en las redes y sistemas de información. El proceso de monitoreo de eventos que ocurren en un sistema o en una red a partir de patrones y firmas de posibles ataques se conoce como Sistema de Detección de Intrusos (IDS). Los IDS han escalado significativamente al punto de focalizarse en modelos basados en prevención más que en corrección, estos sistemas monitorean tráfico utilizando un conjunto de firmas para detectar actividades malignas, reportar incidentes o tomar acciones correctivas; pero cualquier cambio insertado en el patrón de un ataque, puede comprometer el sistema y evitar que la tecnología subyacente de detección o prevención sea insuficiente. En los últimos años se han planteado diferentes modelos basados en técnicas de Inteligencia Artificial que pueden ayudar a la generación automática de nuevas firmas y detectar nuevos patrones de ataque sin la intervención humana. Algunas investigaciones presentan técnicas como Redes Neuronales, Algoritmos Genéticos, Razonamiento Basado en Casos, árboles de decisión, Lógica Difusa entre otras, aplicadas a la Detección de Intrusos, además de arquitecturas basadas en Agentes Inteligentes sobre IDS Distribuidos incorporando así capacidades de autonomía, reactividad, pro actividad, movilidad y racionalidad. Este artículo es el resultado de un estudio del estado del arte de las diferentes estrategias inteligentes en IDS. Además la introducción de modelos de cooperación a partir de Agentes adaptativos y de representaciones ontológicas en los Sistemas de Detección de Intrusos Distribuidos, adicionalmente se plantean los elementos de una investigación en curso donde se incorporan estos métodos.PALABRAS CLAVE: Sistemas de Detección de Intrusos, Detección de Intrusos Inteligente, Agentes Inteligentes, Seguridad en Redes, Representaciones Ontológicas y Semánticas Conglomerados.   ABSTRACT Security Computing requires a permanent optimization in protection mechanisms and strategies that allow preventing attacks in the networks and information systems. The event monitoring process that happens in a system or a network using patterns or signs is known like Intrusion Detection System (IDS).    The IDS have been focused more in prevention models than correction models; these systems tests traffic using a set of signs to detect malicious activities, report incidents o take correction actions; but, any change inserted in the attack pattern can compromise the system and avoid the underlying technology and make insufficient the Intrusion Detection. Over the years different models based in Artificial Intelligence techniques have been considered to help the automatic signs and patterns generation without human intervention.     Some     researching     projects     present Neuronal Networks, Genetic Algorithms, Case Based Reasoning, decision trees, Fuzzy logic applied to the Intrusion Detection; additionally using Intelligent and Mobile Agents architectures over Distributed IDS incorporating autonomy, reactivity, pro activity, mobility and    rationality    capabilities.     This    paper    is    result    of studying state of art of multiples intelligent strategies in IDS and cooperation models using Agents and ontology representation in Intrusion Detection. This paper complements elements in a course research considering integrating these methods.KEYWORDS: Intrusion Detection Systems, Intelligent Intrusion Detection, Intelligent Agents, Network Security, Ontology and Semantic representations

Bio-inspired multi-agent systems for reconfigurable manufacturing systems

The current market’s demand for customization and responsiveness is a major challenge for producing intelligent, adaptive manufacturing systems. The Multi-Agent System (MAS) paradigm offers an alternative way to design this kind of system based on decentralized control using distributed, autonomous agents, thus replacing the traditional centralized control approach. The MAS solutions provide modularity, flexibility and robustness, thus addressing the responsiveness property, but usually do not consider true adaptation and re-configuration. Understanding how, in nature, complex things are performed in a simple and effective way allows us to mimic nature’s insights and develop powerful adaptive systems that able to evolve, thus dealing with the current challenges imposed on manufactur- ing systems. The paper provides an overview of some of the principles found in nature and biology and analyses the effectiveness of bio-inspired methods, which are used to enhance multi-agent systems to solve complex engineering problems, especially in the manufacturing field. An industrial automation case study is used to illustrate a bio-inspired method based on potential fields to dynamically route pallets

Nature-inspired survivability: Prey-inspired survivability countermeasures for cloud computing security challenges

As cloud computing environments become complex, adversaries have become highly sophisticated and unpredictable. Moreover, they can easily increase attack power and persist longer before detection. Uncertain malicious actions, latent risks, Unobserved or Unobservable risks (UUURs) characterise this new threat domain. This thesis proposes prey-inspired survivability to address unpredictable security challenges borne out of UUURs. While survivability is a well-addressed phenomenon in non-extinct prey animals, applying prey survivability to cloud computing directly is challenging due to contradicting end goals. How to manage evolving survivability goals and requirements under contradicting environmental conditions adds to the challenges. To address these challenges, this thesis proposes a holistic taxonomy which integrate multiple and disparate perspectives of cloud security challenges. In addition, it proposes the TRIZ (Teorija Rezbenija Izobretatelskib Zadach) to derive prey-inspired solutions through resolving contradiction. First, it develops a 3-step process to facilitate interdomain transfer of concepts from nature to cloud. Moreover, TRIZ’s generic approach suggests specific solutions for cloud computing survivability. Then, the thesis presents the conceptual prey-inspired cloud computing survivability framework (Pi-CCSF), built upon TRIZ derived solutions. The framework run-time is pushed to the user-space to support evolving survivability design goals. Furthermore, a target-based decision-making technique (TBDM) is proposed to manage survivability decisions. To evaluate the prey-inspired survivability concept, Pi-CCSF simulator is developed and implemented. Evaluation results shows that escalating survivability actions improve the vitality of vulnerable and compromised virtual machines (VMs) by 5% and dramatically improve their overall survivability. Hypothesis testing conclusively supports the hypothesis that the escalation mechanisms can be applied to enhance the survivability of cloud computing systems. Numeric analysis of TBDM shows that by considering survivability preferences and attitudes (these directly impacts survivability actions), the TBDM method brings unpredictable survivability information closer to decision processes. This enables efficient execution of variable escalating survivability actions, which enables the Pi-CCSF’s decision system (DS) to focus upon decisions that achieve survivability outcomes under unpredictability imposed by UUUR