Agent based Intrusion Detection
 
     
 
 
 
 

Overview
This research focuses on the development of a new framework for intrusion detection called Probabilistic Agent-based Intrusion Detection (PAID), built using agent-encapsulated Bayesian networks. It allows agents to share their beliefs, i.e., the calculated probability distribution of event occurrence. A unique feature of our model is that the agents use the soft evidential update method to process beliefs. This provides a continuous scale for intrusion detection, supports merging of signature-based and anomaly-based systems, and also reduces the communication overhead in a distributed intrusion detection scenario. We have developed a FIPA-compliant agent communication architecture that provides a prototype implementation.

We have demonstrated the feasibility of a probabilistic intrusion detection technique using soft evidential updates. We have developed and implemented an intrusion detection architecture called Probabilistic Agent-Based Intrusion Detection (PAID). The advantages of PAID are:

  • It requires only a low volume of data to be sent over the network in a distributed intrusion detection scenario.
  • It provides a continuous scale to represent the probabilities of events. This feature allows easy exploration of the trade-off between sensitivity and selectivity that affects the rate of false positive and false negative decisions.
  • PAID can support both misuse-detection based and anomaly-based intrusion detection.
  • The distributed nature of PAID and the fact that each agent is an autonomous entity increase the efficiency of processing, and there is no single point of failure.
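
The soft evidential update and the continuous scale described above can be illustrated with a small added example; it is not PAID's code. It assumes Jeffrey's rule as the soft-evidence update, a two-variable model (scan, intrusion) held by the subscribing agent, and constructed probabilities and function names throughout.

```python
"""Soft evidential update (Jeffrey's rule) between two agents; all numbers are constructed."""

# Subscribing agent's local model (constructed values, not from PAID):
P_INTRUSION = 0.01                        # prior P(intrusion)
P_SCAN_GIVEN = {True: 0.90, False: 0.05}  # P(scan | intrusion)


def posterior_given_scan(scan: bool) -> float:
    """P(intrusion | scan) under the local model, by Bayes' rule."""
    def likelihood(intrusion: bool) -> float:
        p = P_SCAN_GIVEN[intrusion]
        return p if scan else 1.0 - p
    num = likelihood(True) * P_INTRUSION
    return num / (num + likelihood(False) * (1.0 - P_INTRUSION))


def soft_update(q_scan: float) -> float:
    """Jeffrey's rule: P'(intrusion) = sum over s of P(intrusion | s) * Q(s).

    q_scan is the single number the publishing agent sends: its belief Q(scan).
    """
    if not 0.0 <= q_scan <= 1.0:
        raise ValueError("published belief must be a probability")
    return (posterior_given_scan(True) * q_scan
            + posterior_given_scan(False) * (1.0 - q_scan))


def hard_update(q_scan: float, cutoff: float = 0.5) -> float:
    """Baseline for comparison: the belief is first collapsed to a yes/no finding."""
    return posterior_given_scan(q_scan >= cutoff)


def alerts(published: list[float], threshold: float) -> list[float]:
    """Published beliefs whose soft-updated intrusion belief reaches the threshold."""
    return [q for q in published if soft_update(q) >= threshold]


if __name__ == "__main__":
    beliefs = [0.05, 0.30, 0.60, 0.95]  # constructed messages from a scan-detecting agent
    for q in beliefs:
        print(f"Q(scan)={q:.2f}  soft={soft_update(q):.4f}  hard={hard_update(q):.4f}")
    for t in (0.05, 0.10):
        print(f"threshold={t:.2f} -> alerts for Q(scan) in {alerts(beliefs, t)}")
```

Lowering the alert threshold from 0.10 to 0.05 adds the 0.60 belief to the alert set, which is the sensitivity/selectivity trade-off the continuous scale exposes; the hard-evidence baseline discards that gradation at the publisher.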

This webpage is based upon work supported by the National Science Foundation under Grant No. IIS-0237782.
Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation (NSF).
This page is maintained by CIAE Webmaster. All contents copyright ©The Board of Trustees of the University of South Carolina.
Last Modified : Wednesday, 03-Aug-2005 19:24:42 EDT