Date of Award
3-11-2011
Document Type
Thesis
Degree Name
Master of Science
Department
Department of Electrical and Computer Engineering
First Advisor
Gary B. Lamont, PhD.
Abstract
The rising sophistication of cyber threats and the improvement of physical computer network properties present increasing challenges to contemporary Intrusion Detection (ID) techniques. To respond to these challenges, a multi agent system (MAS) coupled with flow-based ID techniques may effectively complement traditional ID systems. This paper develops 1) a scalable software architecture for a new, self-organized, multi agent, flow-based ID system; and 2) a network simulation environment suitable for evaluating implementations of this MAS architecture and for other research purposes. Self-organization is achieved via 1) a reputation system that influences agent mobility in the search for effective vantage points in the network; and 2) multi objective evolutionary algorithms that seek effective operational parameter values. This paper illustrates, through quantitative and qualitative evaluation, 1) the conditions under which the reputation system provides a significant benefit; and 2) the essential functionality of a complex network simulation environment supporting a broad range of malicious activity scenarios. These results establish an optimistic outlook for further research in flow-based multi agent systems for ID in computer networks.
AFIT Designator
AFIT-GCS-ENG-11-02
DTIC Accession Number
ADA540167
Recommended Citation
Hancock, David, "A Multi Agent System for Flow-Based Intrusion Detection Using Reputation and Evolutionary Computation" (2011). Theses and Dissertations. 1391.
https://scholar.afit.edu/etd/1391
Included in
Computer and Systems Architecture Commons, Digital Communications and Networking Commons, Information Security Commons