Collaborative systems research in the last decade has led to developments in several areas, ranging from social computing and e-learning systems to the management of complex computer networks. Intrusion Detection Systems (IDS) available today have a number of problems that limit their configurability, scalability or efficiency. An important shortcoming is that existing architectures are built around a single entity that does most of the data collection and analysis. This work introduces a new architecture for intrusion detection and prevention based on multiple autonomous agents working collectively. We adopt a temporal logic approach to signature-based intrusion detection. We specify intrusion patterns as formulas in a monitorable logic called EAGLE. We also incorporate logics of knowledge into the agents. We implement a prototype tool, called MIDTL, and use this tool to detect a variety of security attacks in large log files provided by DARPA.
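The abstract describes specifying intrusion signatures as temporal-logic formulas and monitoring them over log files. As an added illustration, not the paper's EAGLE logic or its MIDTL tool, the following is a minimal LTL monitor that evaluates such signatures by formula progression (rewriting the formula against each log event as it arrives); the log format, atoms and sample records are constructed for the example.

```python
# Added illustration (not the paper's EAGLE logic or its MIDTL tool): a small
# LTL monitor that checks temporal intrusion signatures over a log by formula
# progression, i.e. rewriting the formula against each event as it arrives.
class F:
    """Formula node; op is 'atom' (predicate over a record), 'not', 'and', 'or', 'X', 'G' or 'F'."""
    def __init__(self, op, *args): self.op, self.args = op, args
def _not(f): return (not f) if isinstance(f, bool) else F("not", f)
def _and(a, b):
    if a is False or b is False: return False
    return b if a is True else a if b is True else F("and", a, b)
def _or(a, b):
    if a is True or b is True: return True
    return b if a is False else a if b is False else F("or", a, b)
def step(f, e):
    """Consume event e; return the obligation left for the rest of the log."""
    if isinstance(f, bool): return f
    op, a = f.op, f.args
    if op == "atom": return a[0](e)
    if op == "not": return _not(step(a[0], e))
    if op == "and": return _and(step(a[0], e), step(a[1], e))
    if op == "or": return _or(step(a[0], e), step(a[1], e))
    if op == "X": return a[0]                    # next: obligation moves to the next event
    if op == "G": return _and(step(a[0], e), f)  # always: holds now and keeps holding
    return _or(step(a[0], e), f)                 # eventually: holds now or holds later
def finish(f):
    """End-of-log verdict: a pending G is satisfied; pending F, X and atoms are not."""
    if isinstance(f, bool): return f
    if f.op == "not": return not finish(f.args[0])
    if f.op == "and": return finish(f.args[0]) and finish(f.args[1])
    if f.op == "or": return finish(f.args[0]) or finish(f.args[1])
    return f.op == "G"
def monitor(sig, events):
    """True iff the signature formula matches the event sequence."""
    f = sig
    for e in events:
        f = step(f, e)
        if isinstance(f, bool): return f  # verdict known before the log ends
    return finish(f)
def parse(line): return dict(zip(("ts", "host", "user", "result"), line.split()))  # constructed format

fail = F("atom", lambda e: e["result"] == "FAIL")
ok = F("atom", lambda e: e["result"] == "OK")
root = F("atom", lambda e: e["user"] == "root")
# Signature: two consecutive failed logins immediately followed by a successful root login.
BRUTE_FORCE = F("F", F("and", fail, F("X", F("and", fail, F("X", F("and", ok, root))))))
# Policy: no successful root login anywhere in the log (a G-formula, true if never violated).
NO_ROOT_LOGIN = F("G", _not(F("and", ok, root)))
ATTACK_LOG = ["t1 10.0.0.5 root FAIL", "t2 10.0.0.5 root FAIL", "t3 10.0.0.5 root OK"]  # constructed
BENIGN_LOG = ["t1 10.0.0.7 alice FAIL", "t2 10.0.0.7 alice OK", "t3 10.0.0.7 alice OK"]  # constructed
def detect(sig, lines): return monitor(sig, map(parse, lines))
```

Running `detect(BRUTE_FORCE, ATTACK_LOG)` raises the alert on the third record, while the same log violates `NO_ROOT_LOGIN`; the benign log matches neither signature and satisfies the policy.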
Das, Paritosh and Niyogi, Rajdeep. "A Temporal Logic Based Approach to Multi-Agent Intrusion Detection and Prevention," International Journal of Communication Networks and Security: Vol. 1, Article 11.
Available at: https://www.interscience.in/ijcns/vol1/iss1/11