Distributed Intrusion Detection System Using P2P Agent Mining ...

Vol 5. No. 2, March, 2012 ISSN 2006-1781African Journal of Computing & ICT© 2012 Afr J Comp & ICT – All Rights Reservedwww.ajocict.net3.4 Peer-to-Peer ComputingPeer-to-Peer (P2P) computing, a recently developed networkarchitecture for distributed systems, is currently receiving everincreasing attention of both academia and industry. It wasoriginally proposed "for the sharing of computer resources(content, storage, processor cycles) by direct exchange, ratherthan requiring the intermediation or support of a centralizedserver or authority [3] while providing the network nodes withidentical roles, when any node may act both as client andserver. P2P computing has become a driving force for manynew ideas and opportunities in design and implementation ofmodern large scale applications composed of highlyautonomous entities.The biggest asset of peer-to-peer systems is not the ability toput everything everywhere but the ability to put anythinganywhere. Its feature advantages include: no centralcoordination, equal privileged of each node, robustness,resource sharing, scalability, fault tolerance meaning there isno single point of failure.C. This suggests the need for specialized distributeddata mining system supported by intelligent multiagentsystem for effective intrusion detection mostespecially distributed intrusion detection.D. This, however, is possible with integration ofenhanced distributed data mining system and multiagentsystem.Table 1: Clustering AnalysisMetrics K-Means EMPercentage AccuracyCorrectlyClassified47.4169 63.2616Exemplars 8,903 11,878IncorrectlyClassifiedExemplars 9,873 6,8984. DISTRIBUTED INTRUSION DETECTION SYSTEM4.1 Preliminary WorksThe outcome of the proposed DIDS emanated from the workson agent based DIDS in [9] [13] [19] [20] and the results ofour preliminary analysis [21] on KDD Cup 99 dataset usingKMeans and Expectation Maximization (EM) ClusteringAlgorithms, Multilayer Perceptron Neural Networks (MLP)and Radial Basis Function Neural Networks (RBF), C4Decision Tree algorithm, Naive Bayes Tree (NBTree)algorithm and Classification and Regression Tree (CART)algorithm presented in figure 1, figure 2, table 1, table 2, andtable 3 respectively.The following hypotheses are drawn:A. From the results in table 1, figure 1 and figure 2,Clustering algorithms, K Means and ExpectationMaximization, were used to clustered the datasetinto five clusters. K-Means performed poorlyconsidering the percentage detection or accuracythat is less than 60% and the amount of data thatwere correctly classified. However, there wasoverlap among the clusters showing that the networkattacks have similar features. The percentageaccuracy recorded was 63.26%. This is a furtherboost to [11] that data mining algorithms are notintelligent enough to distinguish complex patterns.B. Results in table 2 and table 3 show that classifiershave varying predictive accuracy for differentattacks model with multilayer perceptron neuralnetworks, radial basis function neural networks,naive bayes tree, CART and C4.5. The leastpercentage accuracy recorded is about 80%. Thedecision trees also generated some rules which canbe simplified with association and meta rule miningto serves as criteria for intrusion detection andresponse.Fig 1. KMeans Cluster of KDD Cup data4.2 Concept and FrameworkThe main goal to be achieved with this work is to develop anew concept and framework for distributed intrusion detectionsystem that will rely on multi-agent system and distributeddata mining symbiont. This concept for interaction will bebased on peer-to-peer architecture to address the issues of datasharing, data analysis, security and trust in the DIDS.On the framework of the proposed DIDS, the system has threelevels of composition. The first level which is the lowest levelrepresents the core of the system. It is at this level that theinteraction and integration of multi-agent system anddistributed data mining is established.6