Artificial Intelligence Research Laboratory
Department of Computer Science
Iowa State University
Multi-Agent Systems for Integrated Host and Network-Based Intrusion Detection
Personnel
Project Summary
Complex distributed systems (e.g., computer systems, communication networks,
power systems) are equipped with sensors and measurement devices
that gather and store a variety of data that is useful in
monitoring and controlling the operation of such systems. For instance, system
logs gathered by multiple computers connected to a network contain information
that is useful in detecting anomalies and intrusions. Analysis of such system
logs over time can lead to discovery of useful knowledge to detect
intrusions on the basis of observed activity.
An example of an attack involving more than one subsystem would be a
combined NFS and rlogin attack, wherein an attacker would determine an
NFS file handle for an .rhosts file or /etc/hosts.equiv file (assuming that
the appropriate file systems are exported by the UNIX system) and, using
the NFS handle, rewrite the file to gain login privileges to the attacked
host. To detect and respond to such multistage or concerted attacks,
the intrusion detection system must have support for gathering and
operating on data and knowledge sources from the entire observed system.
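The kind of cross-source correlation this paragraph calls for can be sketched as follows. This is an added example, not code from the project: the event tuple format, host names, addresses and the 600-second window are all constructed assumptions, and it assumes the network sensor has already resolved each NFS file handle to a path.

```python
from dataclasses import dataclass

TRUST_FILES = (".rhosts", "hosts.equiv")  # the two files named in the text
WINDOW = 600  # seconds; assumed correlation window

# Constructed sample events (not real logs); the tuple layout is an assumption.
# Network sensor: (epoch, "nfs_write", src_ip, target_host, path)
NET_EVENTS = [
    (1000, "nfs_write", "192.0.2.7", "hostA", "/home/alice/notes.txt"),
    (1200, "nfs_write", "192.0.2.7", "hostA", "/home/alice/.rhosts"),
    (5000, "nfs_write", "198.51.100.3", "hostB", "/etc/hosts.equiv"),
]
# Host log: (epoch, "rlogin", src_ip, target_host, user)
HOST_EVENTS = [
    (900, "rlogin", "192.0.2.50", "hostA", "alice"),     # before the write
    (1290, "rlogin", "192.0.2.7", "hostA", "alice"),     # 90 s after the write
    (9000, "rlogin", "198.51.100.3", "hostB", "root"),   # outside the window
]

@dataclass(frozen=True)
class Alert:
    host: str
    path: str
    user: str
    delay: int          # seconds between the write and the login
    same_source: bool   # login came from the address that did the write

def is_trust_file(path):
    """True if the path's final component is a login trust file."""
    return path.rsplit("/", 1)[-1] in TRUST_FILES

def correlate(net_events, host_events, window=WINDOW):
    """Pair each NFS write to a trust file with later rlogins to the same host."""
    alerts = []
    writes = [e for e in net_events if e[1] == "nfs_write" and is_trust_file(e[4])]
    for w_time, _, w_src, w_host, w_path in writes:
        for l_time, kind, l_src, l_host, user in host_events:
            if kind != "rlogin" or l_host != w_host:
                continue
            delay = l_time - w_time
            if 0 <= delay <= window:  # login must follow the write, within window
                alerts.append(Alert(w_host, w_path, user, delay, l_src == w_src))
    return alerts

if __name__ == "__main__":
    for alert in correlate(NET_EVENTS, HOST_EVENTS):
        print(alert)
```

Neither event stream raises the alert on its own: the write is visible only to the network sensor and the login only to the host log, which is why the data must be gathered from the entire observed system.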
This research is aimed at developing, implementing, and evaluating
multi-agent systems for integrated host and network-based monitoring of
large distributed computer and communication networks for intrusions.
A system of stationary and mobile software agents will:
- monitor different processes, resources, users, events,
- extract relevant information from system logs,
- integrate information from disparate sources over multiple space and time scales,
- detect anomalous patterns of activity,
- selectively share information with other agents,
- adapt monitoring functions to observed patterns of activity,
- perform data mining to learn predictive rules for intrusion detection, and
- recommend or execute appropriate countermeasures.
Anticipated results of this research include new algorithmic and systems solutions for monitoring of large distributed systems in general, and detection of
coordinated or concerted attacks on distributed computing systems in particular.
The proposed research will be closely integrated
with education and training of
graduate and undergraduate students in Computer Science at Iowa State University.
Funding
- Distributed Knowledge Networks, John Deere Foundation, 1999-2000. Vasant Honavar. $30,000.
- Intelligent Agents for Intrusion Detection. Department of Defense (1998-2000), Johnny Wong, Vasant Honavar, and Les Miller. $199,769.
Publications
- Honavar, V. (1999). Distributed Knowledge Networks. Invited Talk.
  Artificial Intelligence for Distributed Information Networks
  (AiDIN '99) Workshop held during the 1999 National Conference
  on Artificial Intelligence (AAAI 99), Orlando, Florida. July 1999.
- Yang, J. (1999). Adaptive Agents For Information Retrieval and Data-Driven
  Knowledge Acquisition. Doctoral Dissertation. Department of Computer Science. Iowa State University.
- Honavar, V., Miller, L. and Wong, J. (1998).
  Distributed Knowledge Networks. In:
  Proceedings of the IEEE Information Technology Conference. Syracuse, NY.
- Helmer, G., Wong, J., Honavar, V. and Miller, L. (1998). Intelligent Agents for
  Intrusion Detection. In: Proceedings of the IEEE Information Technology
  Conference. Syracuse, NY.
- Miller, L., Honavar, V. and Wong, J. (1998). Object-Oriented Data Warehouse for
  Information Fusion from Heterogeneous Data and Knowledge Sources.
  In: Proceedings of the IEEE Information Technology Conference. Syracuse, NY.
- Yang, J., Pai, P., Honavar, V., and Miller, L. (1998).
  Mobile Intelligent Agents
  for Document Classification and Retrieval: A Machine Learning Approach.
  In: Proceedings of the European Symposium on Cybernetics and Systems Research.
- Yang, J., Havaldar, R., Honavar, V., Miller, L. and Wong, J. (1998).
  Coordination and Control of Distributed Knowledge
  Networks Using the Contract Net Protocol. In: Proceedings of the IEEE
  Information Technology Conference. Syracuse, NY.
- Mikler, A., Honavar, V. and Wong, J. (1995).
  Heuristics for Intelligent Adaptive Routing in Large Communication Networks.
  Under review. A preliminary version appeared in
  [mikler96].
Additional Information
To appear.
Dr. Vasant Honavar
Artificial Intelligence Research Laboratory
Department of Computer Science
Iowa State University
Atanasoff Hall, Ames, IA 50011-1040 USA
phone: +1-515-294-1098, +1-515-294-4377; fax: +1-515-294-0258
© Vasant Honavar, 1999.