Title: Integrated Intrusion Detection Scheme using Agents

Issue Number: Vol. 9, No. 1
Year of Publication: March - 2020
Page Numbers: 26-33
Authors: Kajal Rai, Ajay Guleria, M. Syamala Devi
Journal Name: International Journal of Cyber-Security and Digital Forensics (IJCSDF)
- Hong Kong
DOI:  http://dx.doi.org/10.17781/P002646


Misuse based Intrusion Detection System (IDS) employs various signature matching techniques against stored databases to find intrusions in a network. Anomaly-based Intrusion Detection System does behavior modeling of network traffic and classifies it as normal behavior or attacks. A behavior which deviates from normal is the indication of an attack. The proposed integrated IDS combine the benefits of both approaches. An agent is a software program that is capable of doing independent actions on behalf of user. In the proposed system is a multi-agent based IDS three agents are used (Interface agent, training agent, and detector agent). In the proposed integrated approach, first the incoming packets are classified using a misuse approach based on a decision tree by agents, and then the packets are passed to the anomaly phase where these packets are again classified via agents using anomaly approach based where payload frequencies are categorized. The final decision is made by taking the output from both approaches. The primary benefit of an integrated strategy is that it can uncover both known and novel attacks in the network. The proposed integrated intrusion detection system is tested on the standard data set, i.e., DARPA and collected data set of Panjab University, Chandigarh. It is observed from the results that integrated approach achieve higher accuracy than the individual approaches.