Dr. Kajal Saraswat

Multi Agent based Integrated Scheme for Network Intrusion Detection

Multi-agent based Integrated Scheme for Network Intrusion Detection (MAISNID) uses agents to detect attacks in the network and to avoid human intervention. MAISNID consists of three agents: Interface Agent (IA), Training Agent (TA) and Detector Agent (DA). IA performs functions such as capturing network packets and extracting useful features from them. It also keeps track of the Internet Protocol (IP) addresses that are affected by attacks and sends this information to the administrator for further action. TA trains the decision tree model and computes the frequency vector of packet payloads. DA is a mobile agent that collects packets from various machines in the network by migrating itself along with minimum information. DA then predicts the class of each incoming packet by moving to the machine where the database resides and sends related information about anomalous packets to the administrator. The proposed integrated intrusion detection system is tested on a standard dataset, DARPA, and on a dataset collected at Panjab University. On the DARPA dataset, testing is done on three ports, namely port 21 (FTP), port 23 (TELNET), and port 80 (HTTP). On the university dataset, testing is done on port 80 (HTTP) and port 443 (HTTPS). The integrated scheme combines the misuse-based approach and the anomaly-based approach and, as observed from the results, performs better than either technique individually. The main benefit of the integrated scheme is that it can find both known and novel attacks in the network. The system helps in the analysis of network packets, detects affected machines in the network, and reduces the processing time needed to detect anomalous network packets.
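The following sketch is an added example, not code from the MAISNID work. It shows one way a payload frequency vector can feed an anomaly stage that runs after a misuse stage, while recording affected IP addresses. The per-port mean/deviation profile, the distance formula, the smoothing value, the stage order, and all names are assumptions; `demo_misuse_check` is a hypothetical stand-in for the trained decision tree.

```python
import math

def freq_vector(payload: bytes) -> list:
    """Relative frequency of each of the 256 byte values in one payload."""
    counts = [0] * 256
    for b in payload:
        counts[b] += 1
    total = len(payload) or 1
    return [c / total for c in counts]

class PayloadProfile:
    """Per-port mean and deviation of byte frequencies (assumed model)."""
    def __init__(self, smoothing=0.001):
        self.samples, self.model = {}, {}
        self.smoothing = smoothing  # avoids division by zero for unseen bytes

    def add_normal(self, port, payload):
        self.samples.setdefault(port, []).append(freq_vector(payload))

    def fit(self):
        for port, vecs in self.samples.items():
            cols = list(zip(*vecs))
            mean = [sum(c) / len(c) for c in cols]
            std = [math.sqrt(sum((x - m) ** 2 for x in c) / len(c))
                   for c, m in zip(cols, mean)]
            self.model[port] = (mean, std)

    def score(self, port, payload):
        if port not in self.model:
            return math.inf  # no profile for this port: treat as anomalous
        mean, std = self.model[port]
        return sum(abs(x - m) / (s + self.smoothing)
                   for x, m, s in zip(freq_vector(payload), mean, std))

def demo_misuse_check(port, payload):
    """Hypothetical stand-in for the trained decision tree (misuse stage)."""
    return b"KNOWN-BAD-MARKER" in payload

def classify(ip, port, payload, profile, misuse_check, threshold, flagged):
    """Misuse stage first, then anomaly stage; record the IP of any hit."""
    if misuse_check(port, payload):
        label = "known-attack"
    elif profile.score(port, payload) > threshold:
        label = "anomalous"
    else:
        label = "normal"
    if label != "normal":
        flagged.setdefault(ip, []).append(label)
    return label

def build_profile():
    """Train on constructed port-80 requests (not DARPA or university data)."""
    profile = PayloadProfile()
    for path in (b"GET /index.html", b"GET /about.html",
                 b"GET /news/index.html", b"POST /login"):
        profile.add_normal(80, path + b" HTTP/1.1\r\nHost: example.test\r\n\r\n")
    profile.fit()
    return profile
```

In this sketch the `flagged` dictionary plays the role of the list of affected IP addresses that is reported to the administrator, and the threshold would be tuned on held-out normal traffic for each port.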