Cooperative multi agents for intelligent intrusion detection and prevention systems / Shahaboddin Shamshirband
| Field | Value |
|---|---|
| Main Author | Shahaboddin Shamshirband |
| Format | Thesis |
| Published | 2014 |
| Online Access | http://studentsrepo.um.edu.my/4672/1/Full_Chapters%2DShahab%2D_22_Nov%2D_Final_Final_Final_Final_Final_.pdf ; http://studentsrepo.um.edu.my/4672/ |
| Institution | Universiti Malaya |
Summary:

Owing to the distributed nature of modern attacks (e.g. denial of service), it is extremely challenging to detect such malicious behaviour with traditional intrusion detection systems. In this thesis, we investigate the possibility of adapting an intelligent system to an intrusion detection system (IDS) by proposing a cooperative and intelligent detection and prevention system based on machine learning, with the aim of facilitating detection and prevention in a distributed environment. First, we review the state of the art in intelligent intrusion detection and prevention systems (IIDPS) and highlight the security requirements of a cooperative IIDPS. Adaptive optimisation techniques such as fuzzy logic controllers (FLCs) and reinforcement learning are discussed in order to adapt the Q-learning algorithm to FLCs. We investigate the detection capability of the resulting fuzzy Q-learning (FQL) algorithm and evaluate it against distributed denial-of-service (DDoS) attacks. We then investigate a game-based FQL algorithm that combines a game-theoretic approach with fuzzy Q-learning. The proposed solution is evaluated using flooding attacks (a type of DDoS attack) in wireless sensor networks. Several performance metrics, namely the frequency of convergence of the detection scheme, detection accuracy, false alarm rate, defence rate and energy consumption, are used to assess the detection and prevention scheme. We perform these investigations using several simulation experiments, and the quantitative results are benchmarked against the corresponding results of the cooperative attack detection scheme.

Through these comparisons, we demonstrate the significance of the cooperative detection mechanism for detecting distributed denial-of-service attacks in a timely and energy-efficient manner, in terms of detection and defence accuracy as well as false alarm rate.
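The abstract describes adapting Q-learning to a fuzzy logic controller for flood detection and scoring the result by accuracy, false alarm rate and defence rate. As an added illustration that is not the thesis's own code, the Python below implements a linear-in-membership variant of fuzzy Q-learning over a single constructed feature (normalised packet rate) and computes those three metrics on constructed traffic. The feature, fuzzy sets, reward table, traffic distribution, hyperparameters and metric definitions are all assumptions of this example; the thesis's actual state representation, rule base, cooperative scheme and game-theoretic extension are not given on this page.

```python
import random

ACTIONS = ("allow", "rate_limit", "drop")

# Assumed input: packet rate normalised to [0, 1], covered by three triangular
# fuzzy sets. One rule per set; a rule's consequent is a Q-value per action.
FUZZY_SETS = {"low": (0.0, 0.0, 0.5), "medium": (0.0, 0.5, 1.0), "high": (0.5, 1.0, 1.0)}

def triangular(x, a, b, c):
    """Membership of x in triangle (a, b, c); a == b or b == c makes a shoulder."""
    if (a == b and x <= b) or (b == c and x >= b):
        return 1.0
    if x <= a or x >= c:
        return 0.0
    return (x - a) / (b - a) if x < b else (c - x) / (c - b)

def fuzzify(x):
    """Firing strength of every rule for observation x."""
    return {name: triangular(x, *abc) for name, abc in FUZZY_SETS.items()}

class FQLDetector:
    """Fuzzy Q-learning: Q(x, a) = sum_i mu_i(x) * q[i][a]; the TD error of the
    action taken is credited to every fired rule in proportion to mu_i."""

    def __init__(self, alpha=0.1, gamma=0.0, epsilon=0.2, seed=1):
        self.alpha, self.gamma, self.epsilon = alpha, gamma, epsilon
        self.rng = random.Random(seed)
        self.q = {name: {a: 0.0 for a in ACTIONS} for name in FUZZY_SETS}

    def q_value(self, mu, action):
        return sum(m * self.q[name][action] for name, m in mu.items())

    def greedy(self, mu):
        return max(ACTIONS, key=lambda a: self.q_value(mu, a))

    def act(self, x, explore=True):
        """Return (memberships, action); epsilon-greedy while learning."""
        mu = fuzzify(x)
        if explore and self.rng.random() < self.epsilon:
            return mu, self.rng.choice(ACTIONS)
        return mu, self.greedy(mu)

    def update(self, mu, action, reward, next_mu=None):
        target = reward
        if next_mu is not None and self.gamma > 0.0:
            target += self.gamma * max(self.q_value(next_mu, a) for a in ACTIONS)
        delta = self.alpha * (target - self.q_value(mu, action))
        for name, m in mu.items():
            self.q[name][action] += delta * m

def reward(action, is_attack):
    """Constructed reward: correct handling +1, missed attack or dropped benign
    flow -1, rate limiting gets partial credit on attacks."""
    table = {("allow", False): 1.0, ("rate_limit", False): 0.0, ("drop", False): -1.0,
             ("allow", True): -1.0, ("rate_limit", True): 0.5, ("drop", True): 1.0}
    return table[(action, is_attack)]

def sample_flow(rng, attack_ratio=0.5):
    """Constructed traffic: benign flows at low packet rate, flooding at high rate."""
    is_attack = rng.random() < attack_ratio
    rate = rng.uniform(0.80, 0.98) if is_attack else rng.uniform(0.02, 0.20)
    return rate, is_attack

def train(detector, steps=4000, seed=2):
    """Each flow is an independent one-step decision (gamma = 0 by default)."""
    rng = random.Random(seed)
    for _ in range(steps):
        rate, is_attack = sample_flow(rng)
        mu, action = detector.act(rate)
        detector.update(mu, action, reward(action, is_attack))
    return detector

def evaluate(detector, n=1000, seed=3):
    """Assumed definitions: accuracy = flows whose flagged/unflagged status matches
    the ground truth; false alarm rate = flagged benign / benign; defence rate =
    dropped attacks / attacks. 'rate_limit' and 'drop' both count as flagged."""
    rng = random.Random(seed)
    correct = false_alarms = dropped = benign = attacks = 0
    for _ in range(n):
        rate, is_attack = sample_flow(rng)
        _, action = detector.act(rate, explore=False)
        flagged = action != "allow"
        correct += flagged == is_attack
        if is_attack:
            attacks += 1
            dropped += action == "drop"
        else:
            benign += 1
            false_alarms += flagged
    return {"accuracy": correct / n, "false_alarm_rate": false_alarms / benign,
            "defence_rate": dropped / attacks}

if __name__ == "__main__":
    trained = train(FQLDetector())
    print({r: {a: round(v, 2) for a, v in qs.items()} for r, qs in trained.q.items()})
    print(evaluate(trained))
```

The update step is the point to study: because the memberships of the fired rules sum to one, the TD error of a single decision is split across the "low", "medium" and "high" rules in proportion to how strongly each fired, so a rule that straddles both benign and attack traffic (here "medium") is pulled towards a compromise while the dominant rule on each side settles the decision. With gamma set above zero and a real next observation passed as next_mu, the same code performs ordinary fuzzy Q-learning over a sequence of states rather than independent flows.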