8,502 research outputs found

    Autonomous decision on intrusion detection with trained BDI agents

    In the context of computer security, the first step to respond to an intrusive incident is the detection of such activity in the monitored system. In recent years, research in intrusion detection has evolved to become a multi-discipline task that involves areas such as data mining, decision analysis, agent-based systems or cost–benefit analysis among others. We propose a multiagent IDS that considers decision analysis techniques in order to configure itself optimally according to the conditions faced. This IDS also provides a quantitative measure of the value of the response decision it can autonomously take. Results regarding the well-known 1999 KDD dataset are shown.

    A hybrid agent-based classification mechanism to detect denial of service attacks

    This paper presents the core component of a solution based on agent technology specifically adapted for the classification of SOAP messages. The messages can carry out attacks that target the applications providing Web Services. One of the most common attacks requiring novel solutions is the denial of service attack (DoS), caused by the modifications introduced in the XML of the SOAP messages. The specifications of existing security standards do not focus on this type of attack. This article presents an advanced mechanism of classification designed in two phases incorporated within a CBR-BDI Agent type. This mechanism classifies the incoming SOAP message and blocks the malicious SOAP messages. Its main feature involves the use of decision trees, fuzzy logic rules and neural networks for filtering attacks. These techniques provide a mechanism of classification with the ability to self-adapt to the changes that occur in the patterns of attack. A prototype was developed and the results obtained are presented in this study.

    SCMAS: A distributed hierarchical multi-agent architecture for blocking attacks to databases

    One of the main attacks on databases is the SQL injection attack which causes severe damage both in the commercial aspect and the confidence of users. This paper presents a novel strategy for detecting and preventing SQL injection attacks consisting of a multi-agent based architecture called SCMAS. The SCMAS architecture is structured in hierarchical layers and incorporates SQLCBR agents with improved learning and adaptation capabilities. The SQLCBR agents presented within this paper have been specifically designed to classify SQL injection attacks and to predict the behaviour of malicious users. These agents incorporate a new technique based on a mixture of neural networks and a technique based on a temporal series. This paper begins with a detailed explanation of the SCMAS architecture and the SQLCBR agents. The results of their application to a case study are then presented and discussed.

    Drones and the Fourth Amendment: Redefining Expectations of Privacy

    Drones have gained notoriety as a weapon against foreign terrorist targets; yet, they have also recently made headlines as an instrument for domestic surveillance. With their sophisticated capabilities and continuously decreasing costs, it is not surprising that drones have attracted numerous consumers—most notably, law enforcement. Courts will likely soon have to decipher the limits on the government’s use of drones under the Fourth Amendment. But it is unclear where, or even whether, drones would fall under the current jurisprudence. Because of their diverse and sophisticated designs and capabilities, drones might be able to maneuver through the Fourth Amendment’s doctrinal loopholes. This Note advocates analyzing drones under an adapted approach to the reasonable-expectation-of-privacy test in Katz v. United States. Courts should focus more on the test’s oft-neglected first prong—whether a person exhibited a subjective expectation of privacy—and analyze what information falls within the scope of that expectation, excluding information knowingly exposed to the plain view of the public. This analysis also considers instances when, although a subjective expectation exists, it may be impossible or implausible to reasonably exhibit that expectation, a dilemma especially relevant to an analysis of drones. Courts that adopt the recommended analysis would have a coherent and comprehensible approach to factually dynamic cases challenging the constitutionality of drone surveillance. Until then, the constitutional uncertainties of these cases will likely linger

    Incorporating Temporal Constraints in the Planning Task of a Hybrid Intelligent IDS

    Accurate and swift responses are crucial to Intrusion Detection Systems (IDSs), especially if automatic abortion mechanisms are running. In keeping with this idea, this work presents an extension of a Hybrid Intelligent IDS characterized by incorporating temporal control to facilitate real-time processing. The hybrid intelligent IDS has been conceived as a Hybrid Artificial Intelligent System to perform Intrusion Detection in dynamic computer networks. It combines Artificial Neural Networks and Case-based Reasoning within a multiagent system, in order to develop a more efficient computer network security architecture. Although this temporal issue was taken into account in the initial formulation of this hybrid IDS, in this upgraded version, temporal restrictions are imposed in order to perform real/execution time processing. Experimental results are presented which validate the performance of this upgraded version.

    Multi-Agent Framework in Visual Sensor Networks

    21 pages, 21 figures. Journal special issue on Visual Sensor Networks. The recent interest in the surveillance of public, military, and commercial scenarios is increasing the need to develop and deploy intelligent and/or automated distributed visual surveillance systems. Many applications based on distributed resources use the so-called software agent technology. In this paper, a multi-agent framework is applied to coordinate videocamera-based surveillance. The ability to coordinate agents improves the global image and task distribution efficiency. In our proposal, a software agent is embedded in each camera and controls the capture parameters. Then coordination is based on the exchange of high-level messages among agents. Agents use an internal symbolic model to interpret the current situation from the messages from all other agents to improve global coordination. This work was funded by projects CICYT TSI2005-07344, CICYT TEC2005-07186, and CAM MADRINET S-0505/TIC/0255.

    Approaching Real-Time Intrusion Detection through MOVICAB-IDS

    This paper presents an extension of MOVICAB-IDS, a Hybrid Intelligent Intrusion Detection System characterized by incorporating temporal control to enable real-time processing and response. The original formulation of MOVICAB-IDS combines artificial neural networks and case-based reasoning within a multiagent system to perform Intrusion Detection in dynamic computer networks. The contribution of the anytime algorithm, one of the most promising to adapt Artificial Intelligent techniques to real-time requirements, is comprehensively presented in this work.