Abstract
The integration of Network Intrusion Detection Systems (Network IDS) in industrial networks has improved the security of these systems due to their ability to analyze network traffic in order to detect potential system intrusions. Unfortunately, their detection scope is often limited to strategic network locations, and they may therefore be unable to detect intrusions occurring at other system locations (e.g., specific devices). Hence, it is necessary to increase their detection scope by analyzing additional information pertaining to other system components. The introduction of these new information sources adds more complexity to the intrusion detection problem, as it is not only necessary to identify them, but also to define how their authentication, capture and analysis are to be carried out. Multi-Agent Systems are an architectural paradigm that can deal with such complexity. This paper presents a multi-agent approach for hybrid intrusion detection that takes the aforementioned challenges into consideration. The approach comprises a multi-agent hybrid intrusion detection architecture designed according to a set of properties that consider IDS-specific requirements. It also takes into consideration current trends in the field of Multi-Agent Systems to provide security, scalability and adaptability across multiple systems. The feasibility of this approach is validated through a prototypical implementation.