Real-time multi-agent system for an adaptive intrusion detection system

Research output: Contribution to journal, Article

10 Citations (Scopus)

Abstract

An adaptive intrusion detection system that can detect unknown attacks in real-time network traffic is a major concern. Conventional adaptive intrusion detection systems are computationally expensive in terms of computer resources and time because these systems have to be retrained with known and unknown attacks. In this study, a method called Real-Time Multi-agent System for an Adaptive Intrusion Detection System (RTMAS-AIDS), which is based on a multi-agent system, is proposed to allow the intrusion detection system to adapt to unknown attacks in real-time. This method utilizes the classification models multi-level hybrid SVM and ELM to detect normal behavior and known attacks. An adaptive SVM model, in which processes run in parallel and are distributed in MAS, is also used to detect and learn new attacks in real-time. Results show that the proposed method significantly reduced the training cost of detecting unknown attacks compared with the conventional method. In addition, the analysis results of the popular KDDCup’99 dataset show that RTMAS-AIDS can detect Probe, R2L, and U2R attacks better than the non-retrained multi-agent system using the multi-level hybrid SVM and ELM models as well as the multi-level hybrid SVM and ELM. RTMAS-AIDS exhibited a significantly improved detection accuracy that reached 95.86% and can detect and learn unknown attacks faster (up to 61%) than the other two methods (MAS-MLSE and MLSE).

Original language: English
Pages (from-to): 56-64
Number of pages: 9
Journal: Pattern Recognition Letters
Volume: 85
DOI: 10.1016/j.patrec.2016.11.018
Publication status: Published - 1 Jan 2017

Fingerprint

Intrusion detection
Multi agent systems
Costs

Keywords

  • Adaptive intrusion detection system
  • Extreme learning machine
  • Multi-agent system
  • Real-time
  • Support vector machine

ASJC Scopus subject areas

  • Software
  • Signal Processing
  • Computer Vision and Pattern Recognition
  • Artificial Intelligence

Cite this

Real-time multi-agent system for an adaptive intrusion detection system. / Al-Yaseen, Wathiq Laftah; Ali Othman, Zulaiha; Ahmad Nazri, Mohd Zakree.

In: Pattern Recognition Letters, Vol. 85, 01.01.2017, p. 56-64.


@article{18c03ffff5af4d86a79286ada2ba3af1,
title = "Real-time multi-agent system for an adaptive intrusion detection system",
abstract = "An adaptive intrusion detection system that can detect unknown attacks in real-time network traffic is a major concern. Conventional adaptive intrusion detection systems are computationally expensive in terms of computer resources and time because these systems have to be retrained with known and unknown attacks. In this study, a method called Real-Time Multi-agent System for an Adaptive Intrusion Detection System RTMAS-AIDS, which is based on a multi-agent system, is proposed to allow the intrusion detection system to adapt to unknown attacks in real-time. This method utilizes the classification models multi-level hybrid SVM and ELM to detect normal behavior and known attacks. An adaptive SVM model, in which processes run in parallel and are distributed in MAS, is also used to detect and learn new attacks in real-time. Results show that the proposed method significantly reduced the training cost of detecting unknown attacks compared with the conventional method. In addition, the analysis results of the popular KDDCup’99 dataset show that RTMAS-AIDS can detect Probe, R2L, and U2R attacks better than the non-retrained multi-agent system using the multi-level hybrid SVM and ELM models as well as the multi-level hybrid SVM and ELM. RTMAS-AIDS exhibited a significantly improved detection accuracy that reached 95.86{\%} and can detect and learn unknown attacks faster (up to 61{\%}) than the other two methods (MAS-MLSE and MLSE).",
keywords = "Adaptive intrusion detection system, Extreme learning machine, Multi-agent system, Real-time, Support vector machine",
author = "Al-Yaseen, {Wathiq Laftah} and {Ali Othman}, Zulaiha and {Ahmad Nazri}, {Mohd Zakree}",
year = "2017",
month = "1",
day = "1",
doi = "10.1016/j.patrec.2016.11.018",
language = "English",
volume = "85",
pages = "56--64",
journal = "Pattern Recognition Letters",
issn = "0167-8655",
publisher = "Elsevier",

}

TY - JOUR

T1 - Real-time multi-agent system for an adaptive intrusion detection system

AU - Al-Yaseen, Wathiq Laftah

AU - Ali Othman, Zulaiha

AU - Ahmad Nazri, Mohd Zakree

PY - 2017/1/1

Y1 - 2017/1/1

N2 - An adaptive intrusion detection system that can detect unknown attacks in real-time network traffic is a major concern. Conventional adaptive intrusion detection systems are computationally expensive in terms of computer resources and time because these systems have to be retrained with known and unknown attacks. In this study, a method called Real-Time Multi-agent System for an Adaptive Intrusion Detection System RTMAS-AIDS, which is based on a multi-agent system, is proposed to allow the intrusion detection system to adapt to unknown attacks in real-time. This method utilizes the classification models multi-level hybrid SVM and ELM to detect normal behavior and known attacks. An adaptive SVM model, in which processes run in parallel and are distributed in MAS, is also used to detect and learn new attacks in real-time. Results show that the proposed method significantly reduced the training cost of detecting unknown attacks compared with the conventional method. In addition, the analysis results of the popular KDDCup’99 dataset show that RTMAS-AIDS can detect Probe, R2L, and U2R attacks better than the non-retrained multi-agent system using the multi-level hybrid SVM and ELM models as well as the multi-level hybrid SVM and ELM. RTMAS-AIDS exhibited a significantly improved detection accuracy that reached 95.86% and can detect and learn unknown attacks faster (up to 61%) than the other two methods (MAS-MLSE and MLSE).

AB - An adaptive intrusion detection system that can detect unknown attacks in real-time network traffic is a major concern. Conventional adaptive intrusion detection systems are computationally expensive in terms of computer resources and time because these systems have to be retrained with known and unknown attacks. In this study, a method called Real-Time Multi-agent System for an Adaptive Intrusion Detection System RTMAS-AIDS, which is based on a multi-agent system, is proposed to allow the intrusion detection system to adapt to unknown attacks in real-time. This method utilizes the classification models multi-level hybrid SVM and ELM to detect normal behavior and known attacks. An adaptive SVM model, in which processes run in parallel and are distributed in MAS, is also used to detect and learn new attacks in real-time. Results show that the proposed method significantly reduced the training cost of detecting unknown attacks compared with the conventional method. In addition, the analysis results of the popular KDDCup’99 dataset show that RTMAS-AIDS can detect Probe, R2L, and U2R attacks better than the non-retrained multi-agent system using the multi-level hybrid SVM and ELM models as well as the multi-level hybrid SVM and ELM. RTMAS-AIDS exhibited a significantly improved detection accuracy that reached 95.86% and can detect and learn unknown attacks faster (up to 61%) than the other two methods (MAS-MLSE and MLSE).

KW - Adaptive intrusion detection system

KW - Extreme learning machine

KW - Multi-agent system

KW - Real-time

KW - Support vector machine

UR - http://www.scopus.com/inward/record.url?scp=85003758513&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85003758513&partnerID=8YFLogxK

U2 - 10.1016/j.patrec.2016.11.018

DO - 10.1016/j.patrec.2016.11.018

M3 - Article

AN - SCOPUS:85003758513

VL - 85

SP - 56

EP - 64

JO - Pattern Recognition Letters

JF - Pattern Recognition Letters

SN - 0167-8655

ER -