Attack Pattern Analysis Framework for Multiagent Intrusion Detection System

The paper proposes the use of attack pattern ontology and formal framework for network traffic anomalies detection within a distributed multiagent Intrusion Detection System architecture. Our framework assumes ontology-based attack definition and distributed processing scheme with exchange of communicates between agents. The role of traffic anomalies detection was presented then it has been discussed how some specific values characterizing network communication can be used to detect network anomalies caused by security incidents (worm attack, virus spreading). Finally, it has been defined how to use the proposed techniques in distributed IDS using attack pattern ontology.