We describe the design of a misuse detection agent, one of the agents in a multiagent-based intrusion detection system. This system is being implemented in JADE, a well-known Java-based multiagent platform. The agent analyzes the packets in the network connections using a packet sniffer and then creates a data model based on the information obtained. This data model is the input to a rule-based agent inference engine, which uses the Rete algorithm for pattern matching together with the rules of the signature-based intrusion detection system Snort. Specifically, a Java implementation (Drools-JBoss Rules) was used, and a parser was implemented that converts Snort rules to Drools rules. The use of object-oriented techniques, together with design patterns, means that the agent is flexible, easily configurable and extensible. © Springer-Verlag Berlin Heidelberg 2007.
CITATION STYLE
Mosqueira-Rey, E., Alonso-Betanzos, A., Del Río, B. B., & Piñeiro, J. L. (2007). A misuse detection agent for intrusion detection in a multi-agent architecture. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4496 LNAI, pp. 466–475). Springer Verlag. https://doi.org/10.1007/978-3-540-72830-6_48