Ontology Based Multi-Agent Intrusion Detection System for Web Service Attacks Using Self Learning

Web Services (WS) have become a significant part of the Internet. They employ many features, each of them having specific drawbacks and security threats that are being exploited currently. According to current market researches majority of cyber attacks/exploits are done on these vulnerabilities in WS. Some are direct head on attacks while others are highly coordinated ones. To detect these attacks so that their further attempts can be prevented, highly intelligent Intrusion Detection Systems (IDS) are required. This can be done by having vast databases with high update frequencies or by employing a self learning ontology. Since, rules cannot be added to the database every minute and hence the ontology is preferred since attacks are of varying nature and new forms of attacks arise every day. For coordinated attacks, a single, stand alone IDS's becomes obsolete here. Hence the use of Distributed Intrusion Detection Systems (DIDS) along with firewalls is essential. The communication between these IDS's can be done using agents or any set standard of communication between these IDS's. On recognition of an attack on a single member or number of members of the DIDS System rules are added to the ontology knowledge base and learning occurs. This is the basic idea of an ontology based DIDS. The objective is to detect multiple kinds of attacks with good efficiency in least possible time practically.