TY - GEN
T1 - A multi-agent approach for hybrid intrusion detection in industrial networks
T2 - 17th IEEE International Conference on Industrial Informatics, INDIN 2019
AU - Martinez, Cyntia Vargas
AU - Sollfrank, Michael
AU - Vogel-Heuser, Birgit
N1 - Publisher Copyright: © 2019 IEEE.
PY - 2019/7
Y1 - 2019/7
N2 - The integration of Network Intrusion Detection Systems (Network IDS) in industrial networks has improved the security of these systems due to their ability to analyze network traffic in order to detect potential system intrusions. Unfortunately, their detection scope is often limited to strategic network locations and may therefore not be capable of detecting intrusions occurring at other system locations (e.g., specific devices). Hence, it is necessary to increase their detection scope by further analyzing additional information pertaining to other system components. The introduction of these new information sources adds more complexity to the intrusion detection problem, as it is not only necessary to identify them, but it is also required to define how their authentication, capture and analysis are to be carried out. Multi-Agent Systems are an architectural paradigm that can deal with such complexity. This paper presents a multi-agent approach for hybrid intrusion detection that takes into consideration the aforementioned challenges. This approach is comprised of a multi-agent hybrid intrusion detection architecture designed according to a set of properties. These properties consider IDS-specific requirements. It also takes into consideration current trends in the field of Multi-Agent Systems to provide security, scalability and adaptability across multiple systems. The feasibility of this approach is validated through a prototypical implementation.
KW - Agent Architecture
KW - Industrial Network Security
KW - Intrusion Detection
KW - Multi-Agent Systems (MAS)
UR - http://www.scopus.com/inward/record.url?scp=85079051691&partnerID=8YFLogxK
U2 - 10.1109/INDIN41052.2019.8972055
DO - 10.1109/INDIN41052.2019.8972055
M3 - Conference contribution
AN - SCOPUS:85079051691
T3 - IEEE International Conference on Industrial Informatics (INDIN)
SP - 351
EP - 357
BT - Proceedings - 2019 IEEE 17th International Conference on Industrial Informatics, INDIN 2019
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 22 July 2019 through 25 July 2019
ER -