151 research outputs found

    A Multi Agent System for Flow-Based Intrusion Detection Using Reputation and Evolutionary Computation

    The rising sophistication of cyber threats as well as the improvement of physical computer network properties present increasing challenges to contemporary Intrusion Detection (ID) techniques. To respond to these challenges, a multi agent system (MAS) coupled with flow-based ID techniques may effectively complement traditional ID systems. This paper develops: 1) a scalable software architecture for a new, self-organized, multi agent, flow-based ID system; and 2) a network simulation environment suitable for evaluating implementations of this MAS architecture and for other research purposes. Self-organization is achieved via 1) a reputation system that influences agent mobility in the search for effective vantage points in the network; and 2) multi objective evolutionary algorithms that seek effective operational parameter values. This paper illustrates, through quantitative and qualitative evaluation, 1) the conditions for which the reputation system provides a significant benefit; and 2) essential functionality of a complex network simulation environment supporting a broad range of malicious activity scenarios. These results establish an optimistic outlook for further research in flow-based multi agent systems for ID in computer networks

    Applying blockchain to improve the integrity of the software development process

    Software development is a complex endeavor that encompasses application and implementation layers with functional (refers to what is done) and non-functional (how it is done) aspects. The efforts to scale agile software development practices are not wholly able to address issues such as integrity, which is a crucial non-functional aspect of the software development process. However, if we consider most software failures are Byzantine failures (i.e., where components may fail and there is imperfect information on which a component has failed) that might impair the operation but do not completely disable the production line. In this paper, we assume software practitioners who cause defects as Byzantine participants and claim that most software failures can be mitigated by viewing software development as the Byzantine Generals Problem. Consequently, we propose a test-driven incentive mechanism based on a blockchain concept to orchestrate the software development process where production is controlled by a similar infrastructure based on the working principles of blockchain. We discuss the model that integrates blockchain with the software development process, and provide some recommendations for future work to address the issues while orchestrating software production

    REPUTATION COMPUTATION IN SOCIAL NETWORKS AND ITS APPLICATIONS

    This thesis focuses on a quantification of reputation and presents models which compute reputation within networked environments. Reputation manifests past behaviors of users and helps others to predict behaviors of users and therefore reduce risks in future interactions. There are two approaches in computing reputation on networks, namely, the macro-level approach and the micro-level approach. A macro-level approach assumes that there exists a computing entity outside of a given network who can observe the entire network including degree distributions and relationships among nodes. In a micro-level approach, the entity is one of the nodes in a network and therefore can only observe the information local to itself, such as its own neighbors' behaviors. In particular, we study reputation computation algorithms in online distributed environments such as social networks and develop reputation computation algorithms to address limitations of existing models. We analyze and discuss some properties of reputation values of a large number of agents including power-law distribution and their diffusion property. Computing reputation of another within a network requires knowledge of degrees of its neighbors. We develop an algorithm for estimating degrees of each neighbor. The algorithm considers observations associated with neighbors as a Bernoulli trial and repeatedly estimates degrees of neighbors as a new observation occurs. We experimentally show that the algorithm can compute the degrees of neighbors more accurately than a simple counting of observations. Finally, we design a Bayesian reputation game where reputation is used as payoffs. The game theoretic view of reputation computation reflects another level of reality in which all agents are rational in sharing reputation information of others. An interesting behavior of agents within such a game theoretic environment is that cooperation, i.e., sharing true reputation information, emerges without an explicit punishment mechanism or a direct reward mechanism

    MFIRE-2: A Multi Agent System for Flow-based Intrusion Detection Using Stochastic Search

    Detecting attacks targeted against military and commercial computer networks is a crucial element in the domain of cyberwarfare. The traditional method of signature-based intrusion detection is a primary mechanism to alert administrators to malicious activity. However, signature-based methods are not capable of detecting new or novel attacks. This research continues the development of a novel simulated, multiagent, flow-based intrusion detection system called MFIRE. Agents in the network are trained to recognize common attacks, and they share data with other agents to improve the overall effectiveness of the system. A Support Vector Machine (SVM) is the primary classifier with which agents determine an attack is occurring. Agents are prompted to move to different locations within the network to find better vantage points, and two methods for achieving this are developed. One uses a centralized reputation-based model, and the other uses a decentralized model optimized with stochastic search. The latter is tested for basic functionality. The reputation model is extensively tested in two configurations and results show that it is significantly superior to a system with non-moving agents. The resulting system, MFIRE-2, demonstrates exciting new network defense capabilities, and should be considered for implementation in future cyberwarfare applications

    A Multi Agent System for Flow-Based Intrusion Detection

    The detection and elimination of threats to cyber security is essential for system functionality, protection of valuable information, and preventing costly destruction of assets. This thesis presents a Mobile Multi-Agent Flow-Based IDS called MFIREv3 that provides network anomaly detection of intrusions and automated defense. This version of the MFIRE system includes the development and testing of a Multi-Objective Evolutionary Algorithm (MOEA) for feature selection that provides agents with the optimal set of features for classifying the state of the network. Feature selection provides separable data points for the selected attacks: Worm, Distributed Denial of Service, Man-in-the-Middle, Scan, and Trojan. This investigation develops three techniques of self-organization for multiple distributed agents in an intrusion detection system: Reputation, Stochastic, and Maximum Cover. These three movement models are tested for effectiveness in locating good agent vantage points within the network to classify the state of the network. MFIREv3 also introduces the design of defensive measures to limit the effects of network attacks. Defensive measures included in this research are rate-limiting and elimination of infected nodes. The results of this research provide an optimistic outlook for flow-based multi-agent systems for cyber security. The impact of this research illustrates how feature selection in cooperation with movement models for multi agent systems provides excellent attack detection and classification

    Network-aware heuristics for inter-domain meta-scheduling in Grids

    Grid computing generally involves the aggregation of geographically distributed resources in the context of a particular application. As such resources can exist within different administrative domains, requirements on the communication network must also be taken into account when performing meta-scheduling, migration or monitoring of jobs. Similarly, coordinating efficient interaction between different domains should also be considered when performing such meta-scheduling of jobs. A strategy to perform peer-to-peer-inspired meta-scheduling in Grids is presented. This strategy has three main goals: (1) it takes the network characteristics into account when performing meta-scheduling; (2) communication and query referral between domains is considered, so that efficient meta-scheduling can be performed; and (3) the strategy demonstrates scalability, making it suitable for many scientific applications that require resources on a large scale. Simulation results are presented that demonstrate the usefulness of this approach, and it is compared with other proposals from literature

    Combinatorial-Based Auction For The Transportation Procurement: An Optimization-Oriented Review

    This paper conducts a literature review on freight transport service procurements (FTSP) and explores the application of combinatorial auctions (CAs) mechanism and the mathematical modeling approach of the associated problems. It provides an overview of modeling the problems and their solution strategies. The results demonstrate that there has been limited scholarly attention to sustainable issues, risk mitigation and the stochastic nature of parameters. Finally, several promising future directions for FTSP research have been proposed, including FTSP for green orientation in the context of carbon reduction, shipper’s reputation, carrier collaboration for bid generation, etc