Distributed Intrusion Detection System Using P2P Agent Mining ...

More documents

Recommendations

Info

Vol 5. No. 2, March, 2012 ISSN 2006-1781African Journal of Computing & ICT© 2012 Afr J Comp & ICT – All Rights Reservedwww.ajocict.net3.4 Peer-to-Peer ComputingPeer-to-Peer (<strong>P2P</strong>) computing, a recently developed networkarchitecture for distributed systems, is currently receiving everincreasing attention of both academia and industry. It wasoriginally proposed "for the sharing of computer resources(content, storage, processor cycles) by direct exchange, ratherthan requiring the intermediation or support of a centralizedserver or authority [3] while providing the network nodes withidentical roles, when any node may act both as client andserver. <strong>P2P</strong> computing has become a driving force for manynew ideas and opportunities in design and implementation ofmodern large scale applications composed of highlyautonomous entities.The biggest asset of peer-to-peer systems is not the ability toput everything everywhere but the ability to put anythinganywhere. Its feature advantages include: no centralcoordination, equal privileged of each node, robustness,resource sharing, scalability, fault tolerance meaning there isno single point of failure.C. This suggests the need for specialized distributeddata mining system supported by intelligent multiagentsystem for effective intrusion detection mostespecially distributed intrusion detection.D. This, however, is possible with integration ofenhanced distributed data mining system and multiagentsystem.Table 1: Clustering AnalysisMetrics K-Means EMPercentage AccuracyCorrectlyClassified47.4169 63.2616Exemplars 8,903 11,878IncorrectlyClassifiedExemplars 9,873 6,8984. DISTRIBUTED INTRUSION DETECTION SYSTEM4.1 Preliminary WorksThe outcome of the proposed DIDS emanated from the workson agent based DIDS in [9] [13] [19] [20] and the results ofour preliminary analysis [21] on KDD Cup 99 dataset usingKMeans and Expectation Maximization (EM) ClusteringAlgorithms, Multilayer Perceptron Neural Networks (MLP)and Radial Basis Function Neural Networks (RBF), C4Decision Tree algorithm, Naive Bayes Tree (NBTree)algorithm and Classification and Regression Tree (CART)algorithm presented in figure 1, figure 2, table 1, table 2, andtable 3 respectively.The following hypotheses are drawn:A. From the results in table 1, figure 1 and figure 2,Clustering algorithms, K Means and ExpectationMaximization, were used to clustered the datasetinto five clusters. K-Means performed poorlyconsidering the percentage detection or accuracythat is less than 60% and the amount of data thatwere correctly classified. However, there wasoverlap among the clusters showing that the networkattacks have similar features. The percentageaccuracy recorded was 63.26%. This is a furtherboost to [11] that data mining algorithms are notintelligent enough to distinguish complex patterns.B. Results in table 2 and table 3 show that classifiershave varying predictive accuracy for differentattacks model with multilayer perceptron neuralnetworks, radial basis function neural networks,naive bayes tree, CART and C4.5. The leastpercentage accuracy recorded is about 80%. Thedecision trees also generated some rules which canbe simplified with association and meta rule miningto serves as criteria for intrusion detection andresponse.Fig 1. KMeans Cluster of KDD Cup data4.2 Concept and FrameworkThe main goal to be achieved with this work is to develop anew concept and framework for distributed intrusion detectionsystem that will rely on multi-agent system and distributeddata mining symbiont. This concept for interaction will bebased on peer-to-peer architecture to address the issues of datasharing, data analysis, security and trust in the DIDS.On the framework of the proposed DIDS, the system has threelevels of composition. The first level which is the lowest levelrepresents the core of the system. It is at this level that theinteraction and integration of multi-agent system anddistributed data mining is established.6
Vol 5. No. 2, March, 2012 ISSN 2006-1781African Journal of Computing & ICT© 2012 Afr J Comp & ICT – All Rights Reservedwww.ajocict.netThis establishment is described by the unified modellinglanguage in figure 3 that presents the activities of agents anddata mining. The analogy shows cooperative and symbioticcharacteristics that exist among agents and data mining withthe target of achieving a common purpose. This process is aniterative one involving search procedure.Table 2: Artificial Neural Networks AnalysisData Metrics MLP (Hidden RBF (Iteration)TypeLayer)1 2 1 2Time(s) 237.81 357.84 12.39 12.88Accuracy(%) 97.7135 98.9862 86.4754 90.0129DoSTP Rate 0.977 0.99 0.865 0.9FP Rate 0.036 0.006 0.105 0.085Time(s) 137.91 212.6 11.01 10.58Accuracy(%) 98.8906 99.168 94.792 94.7304Figure 2. EM Cluster of KDD Cup dataThe second level which precedes the topmost level of systemcomposition is made up of dedicated and specialized agentsthat cooperate and communicate in continuous fashion togenerate host based and network based intrusion detectionsystem. They lack mobility feature. The organization of thisagent is perfectly decentralized, no dedicated central server.All of them are important in their own wise. This ability isenshrined in peer-to-peer scheme.The second level which precedes the topmost level of systemcomposition is made up of dedicated and specialized agentsthat cooperate and communicate in continuous fashion togenerate host based and network based intrusion detectionsystem. They lack mobility feature. The organization of thisagent is perfectly decentralized, no dedicated central server.All of them are important in their own wise. This ability isenshrined in peer-to-peer schemeAt the highest level of composition, different intrusiondetection systems are involved. They cooperate, communicateand move about to detect and report threat. The p2porganization of the intrusion detection systems offersscalability advantage. The system on the overall enables peerto-peerthreat and vulnerability detection, insider threatdetection, fault tolerance and recovery and intrusionprevention.ProbeR2LU2RTP Rate 0.989 0.992 0.948 0.947FP Rate 0.015 0.028 0.009 0.419Time(s) 116.97 176.59 10.82 10.63Accuracy(%) 98.3184 98.5706 87.2478 90.639TP Rate 0.983 0.986 0.872 0.906FP Rate 0.033 0.033 0.043 0.039Time(s) 98.61 154.76 10.22 10.17Accuracy(%) 99.6934 99.7274 99.3186 99.3186TP Rate 0.997 0.997 0.993 0.993FP Rate 0.397 0.397 0.993 0.9937
Page 1 and 2: Vol 5. No. 2, March, 2012 ISSN 2006
Page 3: Vol 5. No. 2, March, 2012 ISSN 2006
Page 7 and 8: Vol 5. No. 2, March, 2012 ISSN 2006

Distributed Intrusion Detection System Using P2P Agent Mining ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?