Foreign-language conference: Industrial Technology, 2005. ICIT 2005. IEEE International Conference on

Multi-agent intrusion detection system in industrial network using ant colony clustering approach and unsupervised feature extraction

Abstract

Industrial control systems have been globally connected to open computer networks for decentralized management and control purposes. Most of these networked control systems that are not designed with security protection can be vulnerable to network attacks nowadays, so there is a growing demand for efficient and scalable intrusion detection systems (IDS) in the network infrastructure of industrial plants. In this paper, we present a multi-agent IDS architecture that is designed for decentralized intrusion detection and prevention control in large switched networks. An efficient and biologically inspired learning model is proposed for anomaly intrusion detection in the multi-agent IDS. The proposed model, called the ant colony clustering model (ACCM), improves the existing ant-based clustering approach in searching for near-optimal clustering heuristically, in which meta-heuristics engages the optimization principles in swarm intelligence. In order to alleviate the curse of dimensionality, four unsupervised feature extraction algorithms are applied and evaluated on their effectiveness in enhancing the clustering solution. The experimental results on KDD-Cup99 IDS benchmark data demonstrate that applying ACCM with one of the feature extraction algorithms is effective in detecting known or unseen intrusion attacks with a high detection rate and in recognizing normal network traffic with a low false positive rate.
