A multi-agent approach for intrusion detection in distributed systems

Forestiero A
2015

Abstract

Detecting anomalous data is essential to obtain critical and actionable information such as intrusions, faults, and system failures. This paper introduces an agent-based clustering algorithm to detect anomalies in a distributed system. Each data object, regardless of the source from which it arrives, is associated with a mobile agent that follows the flocking algorithm, a self-organizing bio-inspired computational model. The agents are randomly disseminated onto a virtual space, where they move in order to form a flock. Thanks to a tailored similarity function, agents associated with similar objects form a flock, whereas agents associated with objects that are dissimilar to each other (outliers/anomalies) do not group into flocks. Preliminary experimental results confirm the validity of the proposed approach.
Istituto di Calcolo e Reti ad Alte Prestazioni - ICAR
English
Multimedia Communications, Services and Security
International Conference on Multimedia Communications, Services and Security
Pages 72-82
http://www.scopus.com/inward/record.url?eid=2-s2.0-84952683308&partnerID=q2rCbXpz
November 24, 2015
Krakow
Anomaly detection
Distributed systems
Multi-agents
Self-organizing
info:eu-repo/semantics/conferenceObject
04 Conference contribution::04.01 Contribution in conference proceedings
Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.14243/341331