Mining security events in a distributed agent society
2006; SPIE; Volume: 6241; Language: English
10.1117/12.661003
ISSN 1996-756X
Authors: Dipankar Dasgupta, Jonathan Rodríguez, Sankalp Balachandran
Topic(s): Data Stream Mining Techniques
Abstract: In a distributed agent architecture, tasks are performed on multiple computers which are sometimes spread across different locations. While it is important to collect security-critical sensory information from the agent society, it is equally important to analyze and report such security events in a precise and useful manner. Data mining techniques are found to be very efficient in the generation of security event profiles. This paper describes the implementation of such a security alert mining tool which generates profiles of security events collected from a large agent society. In particular, our previous work addressed the development of a security console to collect and display alert messages (IDMEF) from a Cougaar (agent) society. These messages are then logged in an XML database for further off-line analysis. In our current work, stream mining algorithms are applied for sequencing and generating frequently occurring episodes, and then finding association rules among frequent candidate episodes. This alert miner could profile the most prevalent patterns as indications of frequent attacks in a large agent society.