Reflective-Cognitive Adaptation for Network Intrusion Detection Systems
|Project Period:||6/2008 - 12/2009|
|Investor:||U.S. Army RDECOM Acquisition Center|
|Keywords:||intrusion detection, network behavior analysis, multi-agent system, trust, anomaly detection, programmable hardware|
The goal of the CAMNEP II project is to combine high-bandwidth network traffic acquisition devices with a distributed, adaptive multi-agent system to deliver a concept of an efficient, effective and self-managing Network Intrusion Detection System (NIDS). This system would be deployed on the backbone links of one or more network operators to detect malicious traffic while minimizing the rate of false positives and false negatives that renders current systems less effective. The attack detection process will rely on cooperation among a community of trusting agents, each specialized in one aspect of traffic characteristics. We aim to further reduce the system's operational costs by providing basic self-adaptation capabilities, using coordination methods from the multi-agent field and adaptive software/hardware in the traffic acquisition layer. System operation and adaptation will be supervised and regulated through an advanced user interface that would proactively seek additional information for each incident and will also allow policy specification.