research-article

An evolutionary multi-agent approach to anomaly detection and cyber defense

Authors:

Marco Carvalho,

Carlos PerezAuthors Info & Claims

CSIIRW '11: Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research

Article No.: 28, Page 1

https://doi.org/10.1145/2179298.2179329

Published: 12 October 2011 Publication History

Get Access

Supplementary Material

Supplemental material. (a28-carvalho_slide.pdf)

Download
1.66 MB

References

[1]

Snort. http://www.snort.org/.

Google Scholar

[2]

S. Axelsson. Intrusion detection systems: A survey and taxonomy. 2000.

Google Scholar

[3]

S. Axelsson. The base-rate fallacy and the difficulty of intrusion detection. ACM Transactions on Information and System Security (TISSEC), 3(3):186-205, 2000.

Digital Library

Google Scholar

[4]

M. Carvalho and C. M. Teng. Automatic discovery of attack messages and pre- and postconditions automatic discovery of attack messages and pre- and post-conditions for attack graph generation. In E. L. Armistead, editor, 5th International Conference on Information Warfare and Security (ICIW), pages 378-388, Wright-Patterson AFB, Ohio, USA, April 8-9 2010. AFRL, Academic Publishing Limited.

Google Scholar

[5]

J. Hartigan and M. Wong. A k-means clustering algorithm. JR Stat. Soc., Ser. C, 28:100-108, 1979.

Crossref

Google Scholar

[6]

D. Kim, H. Nguyen, and J. Park. Genetic algorithm to improve SVM based network intrusion detection system. In Advanced Information Networking and Applications, 2005. AINA 2005. 19th International Conference on, volume 2, pages 155-158. IEEE, 2005.

Digital Library

Google Scholar

[7]

C. Kruegel, D. Mutz, W. Robertson, and F. Valeur. Bayesian event classification for intrusion detection. 2003.

Google Scholar

[8]

A. Lazarevic, L. Ertoz, V. Kumar, A. Ozgur, and J. Srivastava. A comparative study of anomaly detection schemes in network intrusion detection. In Proceedings of the Third SIAM International Conference on Data Mining, volume 3, 2003.

Crossref

Google Scholar

[9]

R. Lippmann, J. Haines, D. Fried, J. Korba, and K. Das. The 1999 DARPA off-line intrusion detection evaluation. Computer Networks, 34(4):579-595, 2000.

Digital Library

Google Scholar

[10]

J. McHugh. Testing intrusion detection systems: A critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by lincoln laboratory. ACM Transactions on Information and System Security, 3(4):262-294, 2000.

Digital Library

Google Scholar

[11]

S. Mukkamala, G. Janoski, and A. Sung. Intrusion detection using neural networks and support vector machines. In Proceedings of IEEE international joint conference on neural networks, volume 1702, 2002.

Crossref

Google Scholar

[12]

S. Patton, W. Yurcik, and D. Doss. An Achilles' heel in signature-based IDS: Squealing false positives in SNORT. In Proceedings of RAID 2001 fourth International Symposium on Recent Advances in Intrusion Detection October, volume 10, page 12. Citeseer, 2001.

Google Scholar

[13]

L. Portnoy, E. Eskin, and S. Stolfo. Intrusion detection with unlabeled data using clustering. In Proceedings of ACM CSS Workshop on Data Mining Applied to Security, Philadelphia, PA, 2001.

Google Scholar

[14]

Y. Qiao, X. Xin, Y. Bin, and S. Ge. Anomaly intrusion detection method based on HMM. Electronics Letters, 38(13):663-664, 2002.

Crossref

Google Scholar

[15]

G. Schwarz. Estimating the dimension of a model. The annals of statistics, 6(2):461-464, 1978.

Google Scholar

Cited By

View all

Aiyanyo ISamuel HLim H(2020)A Systematic Review of Defensive and Offensive Cybersecurity with Machine LearningApplied Sciences10.3390/app1017581110:17(5811)Online publication date: 22-Aug-2020
https://doi.org/10.3390/app10175811
Saeed ISelamat ARohani MKrejcar OChaudhry J(2020)A Systematic State-of-the-Art Analysis of Multi-Agent Intrusion DetectionIEEE Access10.1109/ACCESS.2020.30274638(180184-180209)Online publication date: 2020
https://doi.org/10.1109/ACCESS.2020.3027463
Zincir-Heywood NKayacik G(2017)Evolutionary computation in network management and securityProceedings of the Genetic and Evolutionary Computation Conference Companion10.1145/3067695.3067726(1094-1112)Online publication date: 15-Jul-2017
https://dl.acm.org/doi/10.1145/3067695.3067726
Show More Cited By

Recommendations

A hybrid behavior- and Bayesian network-based framework for cyber–physical anomaly detection
Abstract
In recent years, the increasing Internet connectivity and heterogeneity of industrial protocols have been raising the number and nature of cyber-attacks against Industrial Control Systems (ICS). Such cyber-attacks may lead to cyber anomalies and ...
Highlights
- Hybrid behavior- and Bayesian network-based cyber–physical anomaly detection.
- Hybrid anomaly detection framework based on both cyber and physical data from ICS.
- Identification of cyber, physical and cyber–physical anomalies in ICS.
A hybrid methodology for anomaly detection in Cyber–Physical Systems
Abstract
The rapid adoption of Industry 4.0 has seen Information Technology (IT) networks increasingly merged with Operational Technology (OT) networks, which have traditionally been isolated on air-gapped and fully trusted networks. This increased attack ...
Highlights
- Anomaly detection in Cyber–Physical Systems.
- Internet of Things (IoT) Security.
- One-class machine learning.
Decentralized anomaly detection in cooperative multi-agent reinforcement learning
IJCAI '23: Proceedings of the Thirty-Second International Joint Conference on Artificial Intelligence

We consider the problem of detecting adversarial attacks against cooperative multi-agent reinforcement learning. We propose a decentralized scheme that allows agents to detect the abnormal behavior of one compromised agent. Our approach is based on a ...

Comments

Information & Contributors

Information

Published In

CSIIRW '11: Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research

October 2011

18 pages

ISBN:9781450309455

DOI:10.1145/2179298

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 12 October 2011

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article

Conference

CSIIRW '11

Sponsor:

Eurosis
University of Tennessee

CSIIRW '11: Cyber Security and Information Intelligence Research Workshop

October 12 - 14, 2011

Tennessee, Oak Ridge, USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
184
Total Downloads

Downloads (Last 12 months)2
Downloads (Last 6 weeks)1

Reflects downloads up to 27 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Aiyanyo ISamuel HLim H(2020)A Systematic Review of Defensive and Offensive Cybersecurity with Machine LearningApplied Sciences10.3390/app1017581110:17(5811)Online publication date: 22-Aug-2020
https://doi.org/10.3390/app10175811
Saeed ISelamat ARohani MKrejcar OChaudhry J(2020)A Systematic State-of-the-Art Analysis of Multi-Agent Intrusion DetectionIEEE Access10.1109/ACCESS.2020.30274638(180184-180209)Online publication date: 2020
https://doi.org/10.1109/ACCESS.2020.3027463
Zincir-Heywood NKayacik G(2017)Evolutionary computation in network management and securityProceedings of the Genetic and Evolutionary Computation Conference Companion10.1145/3067695.3067726(1094-1112)Online publication date: 15-Jul-2017
https://dl.acm.org/doi/10.1145/3067695.3067726
Rahman MOo AMahmud MPota H(2016)A multi-agent approach for security of future power grid protection systems2016 IEEE Power and Energy Society General Meeting (PESGM)10.1109/PESGM.2016.7741880(1-5)Online publication date: Jul-2016
https://doi.org/10.1109/PESGM.2016.7741880
Carvalho MEskridge TFerguson-Walter KPaltzer N(2015)MIRA: a support infrastructure for cyber command and control operations2015 Resilience Week (RWS)10.1109/RWEEK.2015.7287426(1-6)Online publication date: Aug-2015
https://doi.org/10.1109/RWEEK.2015.7287426
Rey GCarvalho MTrentesaux D(2013)Cooperation models between humans and artificial self-organizing systems: Motivations, issues and perspectives2013 6th International Symposium on Resilient Control Systems (ISRCS)10.1109/ISRCS.2013.6623769(156-161)Online publication date: Aug-2013
https://doi.org/10.1109/ISRCS.2013.6623769

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Recommendations

A hybrid behavior- and Bayesian network-based framework for cyber–physical anomaly detection

A hybrid methodology for anomaly detection in Cyber–Physical Systems

Decentralized anomaly detection in cooperative multi-agent reinforcement learning