INTELLIGENT TECHNIQUES, ADAPTIVE AGENTS AND ONTOLOGICAL REPRESENTATIONS IN INTRUSION DETECTION SYSTEMS
Published 2010-12-13
Abstract
ABSTRACT (translated from the Spanish)
Computer security requires permanent optimization of the protection mechanisms and strategies that make it possible to prevent attacks on networks and information systems. The process of monitoring the events that occur in a system or a network on the basis of patterns and signatures of possible attacks is known as an Intrusion Detection System (IDS). IDSs have evolved significantly, to the point of focusing on prevention-based rather than correction-based models; these systems monitor traffic using a set of signatures to detect malicious activities, report incidents or take corrective actions; but any change inserted into an attack's pattern can compromise the system and evade the underlying detection or prevention technology, rendering it insufficient. In recent years, different models based on Artificial Intelligence techniques have been proposed that can help to generate new signatures automatically and to detect new attack patterns without human intervention. Some research presents techniques such as Neural Networks, Genetic Algorithms, Case-Based Reasoning, decision trees and Fuzzy Logic, among others, applied to Intrusion Detection, as well as architectures based on Intelligent Agents over Distributed IDSs, thereby incorporating capabilities of autonomy, reactivity, proactivity, mobility and rationality. This article is the result of a state-of-the-art survey of the different intelligent strategies in IDSs, together with the introduction of cooperation models based on adaptive Agents and ontological representations in Distributed Intrusion Detection Systems; additionally, the elements of an ongoing research project that incorporates these methods are presented.
KEYWORDS: Intrusion Detection Systems, Intelligent Intrusion Detection, Intelligent Agents, Network Security, Ontological and Semantic Representations, Clusters.
ABSTRACT
Computer security requires permanent optimization of the protection mechanisms and strategies that allow attacks on networks and information systems to be prevented. The process of monitoring the events that happen in a system or a network using patterns or signatures is known as an Intrusion Detection System (IDS). IDSs have focused more on prevention models than on correction models; these systems inspect traffic using a set of signatures to detect malicious activities, report incidents or take corrective actions; but any change inserted in the attack pattern can compromise the system, evade the underlying technology and make Intrusion Detection insufficient. Over the years, different models based on Artificial Intelligence techniques have been considered to help generate signatures and patterns automatically, without human intervention. Some research projects present Neural Networks, Genetic Algorithms, Case-Based Reasoning, decision trees and Fuzzy Logic applied to Intrusion Detection, additionally using Intelligent and Mobile Agent architectures over Distributed IDSs that incorporate autonomy, reactivity, proactivity, mobility and rationality capabilities. This paper is the result of studying the state of the art of multiple intelligent strategies in IDSs and of cooperation models using Agents and ontology representations in Intrusion Detection. This paper complements the elements of an ongoing research project that considers integrating these methods.
KEYWORDS: Intrusion Detection Systems, Intelligent Intrusion Detection, Intelligent Agents, Network Security, Ontology and Semantic representations.
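The abstract makes two claims that are easy to see in code: a signature engine matching literal patterns is defeated by a small change in the pattern, and a model learned from normal traffic can flag activity that no signature describes. The block below is an added illustration, not code from the paper or from any IDS it surveys. The log lines, the two signatures and the request under test are all constructed; the anomaly side is a deliberately simple character-trigram model rather than any of the Neural Network, Genetic Algorithm or Fuzzy Logic approaches the survey covers.

```python
# Added example (not from the paper): a toy signature-based detector beside a
# toy anomaly-based detector, both run over constructed web-access log lines.
from __future__ import annotations

import math
from collections import Counter

# Constructed sample of benign request lines: method, path, protocol, user agent.
NORMAL_LOG = [
    "GET /index.html HTTP/1.1 Mozilla/5.0",
    "GET /images/logo.png HTTP/1.1 Mozilla/5.0",
    "GET /products?id=42 HTTP/1.1 Mozilla/5.0",
    "GET /products?id=7 HTTP/1.1 Mozilla/5.0",
    "POST /cart/add?id=42&qty=1 HTTP/1.1 Mozilla/5.0",
    "GET /search?q=laptop HTTP/1.1 Mozilla/5.0",
    "POST /account/login HTTP/1.1 Mozilla/5.0",
    "GET /static/css/site.css HTTP/1.1 Mozilla/5.0",
    "GET /static/js/app.js HTTP/1.1 Mozilla/5.0",
    "GET /products?id=123 HTTP/1.1 Mozilla/5.0",
]

# Constructed signature set: literal fragments of hypothetical known-bad traffic.
SIGNATURES = {
    "known-scanner-ua": "evilscan/1.0",
    "backup-probe": "/admin/backup.zip",
}


def normalize(line: str) -> str:
    """Canonical form used for matching and profiling (here: case-folding)."""
    return line.lower()


def signature_match_exact(line: str) -> list[str]:
    """Naive engine: case-sensitive literal substring match, brittle to any change."""
    return [name for name, frag in SIGNATURES.items() if frag in line]


def signature_match(line: str) -> list[str]:
    """Same signatures applied to the normalized line: survives case changes only."""
    canon = normalize(line)
    return [name for name, frag in SIGNATURES.items() if frag in canon]


def ngrams(text: str, n: int) -> list[str]:
    return [text[i:i + n] for i in range(len(text) - n + 1)]


class NgramProfile:
    """Character-trigram model of normal traffic. A line built mostly from
    trigrams the model has never seen scores high; that is the anomaly side."""

    def __init__(self, samples: list[str], n: int = 3) -> None:
        self.n = n
        self.counts: Counter[str] = Counter()
        for s in samples:
            self.counts.update(ngrams(normalize(s), n))
        self.total = sum(self.counts.values())
        self.vocab = len(self.counts)

    def score(self, line: str) -> float:
        """Mean negative log-probability per trigram with add-one smoothing."""
        grams = ngrams(normalize(line), self.n)
        if not grams:
            return 0.0
        denom = self.total + self.vocab + 1
        return -sum(math.log((self.counts[g] + 1) / denom) for g in grams) / len(grams)


def classify(line: str, profile: NgramProfile, threshold: float) -> tuple[str, list[str], float]:
    """Signatures take precedence; otherwise the anomaly score decides."""
    sigs = signature_match(line)
    score = profile.score(line)
    if sigs:
        return ("signature", sigs, score)
    if score > threshold:
        return ("anomaly", [], score)
    return ("normal", [], score)


def build_detector() -> tuple[NgramProfile, float]:
    """Train on the benign sample and set the threshold at the highest score any
    benign line reaches (a real deployment would calibrate on held-out traffic)."""
    profile = NgramProfile(NORMAL_LOG)
    threshold = max(profile.score(s) for s in NORMAL_LOG)
    return profile, threshold


if __name__ == "__main__":
    profile, threshold = build_detector()
    for line in [
        "GET /products?id=99 HTTP/1.1 Mozilla/5.0",             # benign
        "GET /admin/backup.zip HTTP/1.1 evilscan/1.0",          # matches as written
        "GET /ADMIN/Backup.ZIP HTTP/1.1 EvilScan/1.2",          # same probe, case and version changed
        "GET /backup/old/db_dump.sql.tar.gz HTTP/1.1 otherscan/3.1",  # covered by no signature
    ]:
        verdict, sigs, score = classify(line, profile, threshold)
        print(f"{verdict:9s} score={score:.2f} exact={signature_match_exact(line)} norm={sigs} {line}")
```

Running it shows the three regimes the abstract describes: the literal signature catches the probe exactly as written, the naive engine misses the same probe once its case and version string change while the normalized engine still catches it, and the request that no signature covers is flagged only by the learned profile. The normalized matcher is a very limited answer to pattern changes, which is the gap the surveyed AI techniques aim to close.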