Kendrick, P, Criado, N, Hussain, A and Randles, M (2018) A Self-Organising Multi-Agent System For Decentralised Forensic Investigations. Expert Systems with Applications, 102. pp. 12-26. ISSN 0957-4174
Text: Version 1 0.pdf - Accepted Version
Available under License Creative Commons Attribution Non-commercial No Derivatives.
Abstract
As network-based threats continue to evolve more rapidly, detecting and responding to intrusion attempts in real-time requires an increasingly automated and intelligent response. This paper provides an agent-based framework for the analysis of cyber events within networks of varying sizes to detect complex multi-stage attacks. Agents are used as intelligent systems to explore domain specific and situational information showing the benefit of adaptive technologies that proactively analyse security events in real time. We introduce several algorithms to encapsulate and manage the traditional detection technologies and provide agent-based performance introspection as a mechanism to identify poorly performing systems. Our evaluation shows that the algorithms can reduce the amount of processing needed to analyse a security event by over 50% and improve the detection rate by up to 20% by introducing corrective systems to reduce false alarm rates in error-prone environments.
Item Type: | Article |
---|---|
Uncontrolled Keywords: | 01 Mathematical Sciences, 08 Information And Computing Sciences |
Subjects: | Q Science > QA Mathematics > QA75 Electronic computers. Computer science |
Divisions: | Computer Science & Mathematics |
Publisher: | Elsevier |
Date Deposited: | 15 Feb 2018 11:44 |
Last Modified: | 04 Sep 2021 03:13 |
URI: | https://researchonline.ljmu.ac.uk/id/eprint/8036 |