1. Evaluating how well agent-based IDS perform
- Author
-
Hossam Faheem, Islam Hegazy, T. Al-Arif, and T. Ahmed
- Subjects
Engineering ,business.industry ,Strategy and Management ,Distributed computing ,Multi-agent system ,Real-time computing ,Autonomous agent ,Intrusion detection system ,computer.software_genre ,Education ,Host-based intrusion detection system ,Intelligent agent ,Software agent ,Software system ,Electrical and Electronic Engineering ,business ,Agent architecture ,computer - Abstract
Intelligent agents - as a modern artificial intelligence concept - are now widely deployed in various software systems. The agent can be defined as a software entity which functions continuously and autonomously in a particular environment, able to carry out activities in a flexible and intelligent manner that is responsive to changes in the environment, and able to learn from its experience. An intrusion detection system can be decomposed into steps where an agent can perform a single or more step. But performance evaluation techniques of their use are still in the early stage. This infancy status holds especially true for agents used in intrusion detection systems (IDS) since they are new to this field. We believe that the two most important factors to measure for a given IDS are the risk time and the detection time. The risk time is the time at which the computer could be under risk of attack since the intrusion is not discovered yet. The smaller the detection time is the smaller the risk time. Thus, as a step towards a complete evaluation strategy, a simple IDS with agents was tested.
- Published
- 2005
- Full Text
- View/download PDF