Multi-agent Based Approach of Botnet Detection in Computer Systems

Savenko, Oleg; Lysenko, Sergii; Kryschuk, Andriy

doi:10.1007/978-3-642-31217-5_19

Cited by 14 publications

(10 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The analysis process can be done by an individual agent or collectively by a team of agents. The location of the analyzer agent can be either centralized at a specific location in the network, such as the security centre [19], [20], [55], or decentralized at several points on the network [45], [56], [57]. The third component is the management and coordination component that used to configure, organize, and maintain the multi-agent IDS architecture.…”

Section: ) the Computational Components Classificationmentioning

confidence: 99%

“…However, there are a few studies that also included tasks such as data collection, aggregation, synchronization, and preparation for analysis by analyzer agent(s). These tasks, in some cases, were embedded in sensor agents [58], [64], while in other cases, they were added to the tasks of analysis agents [57], [65]. As apart of data collection and synchronization, sensor and analysis agents also encompassed methods to generate and derive new features, from the accumulated data, these features assumed to be effective in classifying the attack incidents [4], [5], [54].…”

Section: ) Data Collection and Synchronizationmentioning

confidence: 99%

“…The architecture also uses prior knowledge and agents' own experience in making decisions. The architectures proposed in [16]- [18], [92], [106] encompass reinforcement learning algorithms with fuzzy logic (as a function approximation) to adapt by selecting the best strategy for detecting attacks and responding to it. The main issue in these architectures, as stated by the researchers, is that convergence may not occur, and that means the optimal solution is not guaranteed.…”

Section: ) Adaptation and Learningmentioning

confidence: 99%

“…Centralized/ Decentralized Collaboration 3 [14] Distributed Distributed. Decentralized Coordination and scalability 4 [44] Distributed Decentralized Decentralized Fault-tolerance 5 [45] Distributed Decentralized Decentralized Robustness and fault tolerance 6 [49], [50], [57], [106] Distributed Distributed Decentralized Cooperation 7 [51] Distributed Distributed Decentralized Cooperation, learning and scalability 8 [54] Distributed Decentralized Centralized Self-orgnization 9 [59] Distributed Centralized Centralized Self-healing 10 [61] Distributed Distributed Decentralized Coordination, scalability and load balancing 11 [65] Distributed Distributed Decentralized Adaptation, self healing and cooperation 12 [66] Distributed Decentralized Decentralized Cooperation, coordination, scalability and learning 13 [68] Distributed Decentralized Decentralized Cooperation, learning, and self-adaptation 14 [70] Distributed Decentralized Decentralized Adaptation and intelligence 15 [95], [101] Distributed Decentralized Decentralized Cooperation 16 [79] Distributed Distributed Decentralized Cooperation, extendability,load balancing and fault tolerance 17 [87] Distributed Distributed Centralized Cooperation and reasoning 18 [93] Distributed Decentralized Decentralized Autonomy and cooperation 19 [102] Distributed Distributed Decentralized fault tolerance 20 [107] Distributed Decentralized Decentralized Cooperation, scalability Dynamically adaptive structure (20 studies) 1 [5] Distributed Dynamic. Centralized Adaptation and collaboration 2 [16] Distributed Decentralized Centralized Collaboration, adaptation, reliability 3 [35] Distributed Decentralized centralized Adaptation, coordination and learnung 4 [37] Distributed Centralized Centralized self management 5 [48] Distributed Decentralized Centralized/ Decentralized Scalability, collaborative, learning, and robustness [62] Distributed Decentralized Decentralized Cooperation, adaptation, scalability and learning 13 [67] Distributed Centralized Centralized Adaptation, cooper...…”

Section: A Multi-agent Ids Architectural Properties and Characteristicsmentioning

confidence: 99%

See 3 more Smart Citations

A Systematic State-of-the-Art Analysis of Multi-Agent Intrusion Detection

et al. 2020

View full text Add to dashboard Cite

Multi-agent architectures have been successful in attaining considerable attention among computer security researchers. This is so, because of their demonstrated capabilities such as autonomy, embedded intelligence, learning and self-growing knowledge-base, high scalability, fault tolerance, and automatic parallelism. These characteristics have made this technology a de facto standard for developing ambient security systems to meet the open and dynamic nature of today's online communities. Although multi-agent architectures are increasingly studied in the area of computer security, there is still not enough empirical evidence on their performance in intrusions and attacks detection. The aim of this paper is to report the systematic literature review conducted in the context of specific research questions, to investigate multi-agent IDS architectures to highlight the issues that affect their performance in terms of detection accuracy and response time. We used pertinent keywords and terms to search and retrieve the most recent research studies, on multi-agent IDS architectures, from the major research databases and digital libraries such as SCOPUS, Springer, and IEEE Explore. The search processes resulted in a number of studies; among them, there were journal articles, book chapters, conference papers, dissertations, and theses. The obtained studies were assessed and filtered out, and finally, there were over 71 studies chosen to answer the research questions. The results of this study have shown that multi-agent architectures include several advantages that can help in the development of ambient IDS. However, it has been found that there are several issues in the current multi-agent IDS architectures that may degrade the accuracy and response time of intrusions and attacks detection. Based on our findings, the issues of multi-agent IDS architectures include limitations in the techniques, mechanisms, and schemes used for multi-agent IDS adaptation and learning, load balancing, scalability, fault-tolerance, and high communication overhead. It has also been found that new measurement metrics are required for evaluating multi-agent IDS architectures.

show abstract

Section: ) the Computational Components Classificationmentioning

confidence: 99%

Section: ) Data Collection and Synchronizationmentioning

confidence: 99%

Section: ) Adaptation and Learningmentioning

confidence: 99%

Section: A Multi-agent Ids Architectural Properties and Characteristicsmentioning

confidence: 99%

See 2 more Smart Citations

A Systematic State-of-the-Art Analysis of Multi-Agent Intrusion Detection

et al. 2020

View full text Add to dashboard Cite

show abstract

“…Probably, the most efficient way to combat an automous botnet is an approach that also uses some kind of intelligent agents. There are some MAS-based detection approaches as those presented by Pomorova et al [24] and Savenko et al [25]. In this way, we could create a MAS-based approach to show a possible combat method against intelligent botnets.…”

Section: Combating Intelligent Botsmentioning

confidence: 99%

Attacking and Defending with Intelligent Botnets

Danziger¹,

Henriques²

2017

Anais De XXXV Simpósio Brasileiro De Telecomunicações E Processamento De Sinais

View full text Add to dashboard Cite

Machine learning (ML) has been seen as a great ally of security. All his potential to automate actions with some level of intelligence has called the attention of industry which is using it on security systems. However, attackers have also noted all ML potential. In a first moment, attackers have tried to fight MLbased security tools through the study and exploitation of weak points in ML techniques. It is named as adversarial machine learning. Besides this first application, someone could apply a ML-based tool directly against a security system. It is the case of intelligent botnets-a different type of botnet made of relatively intelligent bots which can take decisions by their own during the attack. So, in this work we are making a reflection on the future of botnets within the context of ML and showing that this kind of botnet could break the current detection approaches. We also point out to the need for creating new approaches to combat bots with some kind of intelligence. Moreover, we propose a theoretical model of intelligent bots, their possible impacts and combat strategies.

show abstract