Consensus-based Methods for Solving Problems of Agent's Inconsistent Knowledge in Intrusion Detection Systems

A. Pieczynska (Poland)


Intrusion detection systems, incomplete agent’s knowledge, consensus methods


These days network systems must be protected by intrusion detection mechanisms. One of the most difficult problems in network security systems is the automatic detection of user behaviours that violate the system's security policy. The difficulty consists in distinguishing between normal user behaviour and that of a potential attacker. The aim is to detect abnormal states in network traffic, users' activity and system configurations that may indicate a violation of the security policy. It is assumed that the intrusion detection system is based on a multiagent approach. Two kinds of agents are considered in the security system: monitoring agents (AM) and managing agents (AZ). Each agent is treated as an autonomous entity. This means that the agents' knowledge about the current state of nodes in a monitoring region might be inconsistent. One possible way of solving this problem is to apply internal mechanisms for conflict resolution. In this way the agents' experience is used in the process of estimating the current state of nodes. Consensus methods are applied in this process. These methods are a useful tool for solving problems of inconsistent data in distributed systems. First the agent's knowledge structure is given, then the general idea of consensus methods is discussed. Next the consensus postulates are formulated, and finally an algorithm for consensus computing is proposed.

