Search results for "Intrusion Detection"
showing 10 items of 69 documents
Dynamic Distributed Intrusion Detection for Secure Multi-Robot Systems
2009
A general technique to build a dynamic and distributed intrusion detector for a class of multi–agent systems is proposed in this paper, by which misbehavior in the motion of one or more agents can be discovered. Previous work from the authors has focused on how to distinguish the behavior of a misbehaving agent in a completely distributed way, by developing a solution where agents act as local monitors of their neighbors and use locally sensed information as well as data received from other monitors at a particular time. In this work, we improve the system detection capability by allowing monitors to use information collected at different instants and thus realizing a dynamic state observer…
Decentralized intrusion detection for secure cooperative multi-agent systems
2007
In this paper we address the problem of detecting faulty behaviors of cooperative mobile agents. A novel decentralized and scalable architecture that can be adopted to realize a monitor of the agents’ behavior is proposed. We consider agents which may perform different independent tasks, but cooperate to guarantee the entire system’s safety. Agents plan their next actions by following a set of rules which is shared among them. Such rules are decentralized, i.e. they dictate actions that depend only on configurations of neighboring agents. Some agents may not be acting according to this cooperation protocol, due to tampering or spontaneous failure. To detect such misbehaviors we propose a so…
Consensus-based Distributed Intrusion Detection for Multi-Robot Systems
2008
This paper addresses a security problem in robotic multi-agent systems, where agents are supposed to cooperate according to a shared protocol. A distributed Intrusion Detection System (IDS) is proposed here, that detects possible non-cooperative agents. Previous work by the authors showed how single monitors embedded on-board the agents can detect non-cooperative behavior, using only locally available information. In this paper, we allow such monitors to share the collected information in order to overcome their sensing limitation. In this perspective, we show how an agreement on the type of behavior of a target-robot may be reached by the monitors, through execution of a suitable consensu…
Distributed Intrusion Detection for the Security of Industrial Cooperative Robotic Systems
2014
This paper addresses the problem of detecting possible intruders in a group of autonomous robots which coexist in a shared environment and interact with each other according to a set of common rules. We consider intruders as robots which misbehave, i.e. do not follow the rules, because of either spontaneous failures or malicious reprogramming. Our goal is to detect intruders by observing the congruence of their behavior with the social rules as applied to the current state of the overall system. Moreover, in accordance with the fully distributed nature of the problem, the detection itself must be performed by individual robots, based only on local information. We present a general …
Local Monitor Implementation for Decentralized Intrusion Detection in Secure Multi–Agent Systems
2007
This paper focuses on the detection of misbehaving agents within a group of mobile robots. A novel approach to automatically synthesize a decentralized Intrusion Detection System (IDS) as well as an efficient implementation of local monitors are presented. In our scenario, agents perform possibly different independent tasks, but cooperate to guarantee the entire system’s safety. Indeed, agents plan their next actions by following a set of logic rules which is shared among them. Such rules are decentralized, i.e. they depend only on configurations of neighboring agents. However, some agents may not be acting according to this cooperation protocol, due to spontaneous failure or tampering.…
A low-cost embedded IDS to monitor and prevent Man-in-the-Middle attacks on wired LAN environments
2007
A man-in-the-middle (MitM) attack is, in the scope of a LAN, a technique where an attacker is able to redirect all traffic between two hosts of that same LAN for packet sniffing or data manipulation, without the end hosts being aware of it. Usually these attacks exploit security flaws in the implementation of the ARP protocol at hosts. Up to now, detecting such attacks required setting up a machine with special-purpose software for this task. As an additional problem, few intrusion detection systems (IDS) are able to prevent MitM attacks. In this work we present a low-cost embedded IDS which, when plugged into a switch or hub, is able to detect and/or prevent MitM attacks automatically and …
A two-armed bandit collective for hierarchical examplar based mining of frequent itemsets with applications to intrusion detection
2014
Published version of a chapter in the book: Transactions on Computational Collective Intelligence XIV. Also available from the publisher at: http://dx.doi.org/10.1007/978-3-662-44509-9_1 In this paper we address the above problem by posing frequent item-set mining as a collection of interrelated two-armed bandit problems. We seek to find itemsets that frequently appear as subsets in a stream of itemsets, with the frequency being constrained to support granularity requirements. Starting from a randomly or manually selected examplar itemset, a collective of Tsetlin automata based two-armed bandit players - one automaton for each item in the examplar - learns which items should be included in …
Survey: Intrusion Detection Systems in Encrypted Traffic
2016
Intrusion detection system, IDS, traditionally inspects the payload information of packets. This approach is not valid in encrypted traffic as the payload information is not available. There are two approaches, with different detection capabilities, to overcome the challenges of encryption: traffic decryption or traffic analysis. This paper presents a comprehensive survey of the research related to the IDSs in encrypted traffic. The focus is on traffic analysis, which does not need traffic decryption. One of the major limitations of the surveyed researches is that most of them are concentrating in detecting the same limited type of attacks, such as brute force or scanning attacks. Both the …
Weighted Fuzzy Clustering for Online Detection of Application DDoS Attacks in Encrypted Network Traffic
2016
Distributed denial-of-service (DDoS) attacks are one of the most serious threats to today’s high-speed networks. These attacks can quickly incapacitate a targeted business, costing victims millions of dollars in lost revenue and productivity. In this paper, we present a novel method which allows us to timely detect application-layer DDoS attacks that utilize encrypted protocols by applying an anomaly-based approach to statistics extracted from network packets. The method involves construction of a model of normal user behavior with the help of weighted fuzzy clustering. The construction algorithm is self-adaptive and allows one to update the model every time when a new portion of network tr…
A critical review on the implementation of static data sampling techniques to detect network attacks
2021
Given that the Internet traffic speed and volume are growing at a rapid pace, monitoring the network in a real-time manner has introduced several issues in terms of computing and storage capabilities. Fast processing of traffic data and early warnings on the detected attacks are required while maintaining a single pass over the traffic measurements. To palliate these problems, one can reduce the amount of traffic to be processed by using a sampling technique and detect the attacks based on the sampled traffic. Different parameters have an impact on the efficiency of this process, mainly, the applied sampling policy and sampling ratio. In this paper, we investigate th…