Journal of ICT Research and Applications (Mar 2015)
DIDS Using Cooperative Agents Based on Ant Colony Clustering
Abstract
Intrusion detection systems (IDS) play an important role in information security. Two major problems in the development of IDSs are the computational aspect and the architectural aspect. The computational or algorithmic problems include lacking ability of novel-attack detection and computation overload caused by large data traffic. The architectural problems are related to the communication between components of detection, including difficulties to overcome distributed and coordinated attacks because of the need of large amounts of distributed information and synchronization between detection components. This paper proposes a multi-agent architecture for a distributed intrusion detection system (DIDS) based on ant-colony clustering (ACC), for recognizing new and coordinated attacks, handling large data traffic, synchronization, co-operation between components without the presence of centralized computation, and good detection performance in real-time with immediate alarm notification. Feature selection based on principal component analysis (PCA) is used for dimensional reduction of NSL-KDD. Initial features are transformed to new features in smaller dimensions, where probing attacks (Ra-Probe) have a characteristic sign in their average value that is different from that of normal activity. Selection is based on the characteristics of these factors, resulting in a two-dimensional subset of the 75% data reduction.
