DMAIDPS: a distributed multi-agent intrusion detection and prevention system for cloud IoT environments

• Published in: Cluster computing Vol. 26; no. 1; pp. 367 - 384
• Main Authors: Javadpour, Amir, Pinto, Pedro, Ja’fari, Forough, Zhang, Weizhe
• Format: Journal Article
• Language: English
• Published: New York Springer US 01.02.2023; Springer Nature B.V
• Subjects: Access control; Cloud computing; Collaboration; Computer Communication Networks; Computer Science; Customer services; Cybersecurity; Data encryption; Decision making; Internet of Things; Intrusion detection systems; Methods; Multiagent systems; Operating Systems; Prevention; Processor Architectures; Recall; Intrusion detection and prevention system; CIoT; DMAIDPS; Learning agent
• ISSN: 1386-7857; 1573-7543
• DOI: 10.1007/s10586-022-03621-3

Cloud Internet of Things (CIoT) environments, as the essential basis for computing services, have been subject to abuses and cyber threats. The adversaries constantly search for vulnerable areas in such computing environments to impose their damages and create complex challenges. Hence, using intrusion detection and prevention systems (IDPSs) is almost mandatory for securing CIoT environments. However, the existing IDPSs in this area suffer from some limitations, such as incapability of detecting unknown attacks and being vulnerable to the single point of failure. In this paper, we propose a novel distributed multi-agent IDPS (DMAIDPS) that overcomes these limitations. The learning agents in DMAIDPS perform a six-step detection process to classify the network behavior as normal or under attack. We have tested the proposed DMAIDPS with the KDD Cup 99 and NSL-KDD datasets. The experimental results have been compared with other methods in the field based on Recall, Accuracy, and F-Score metrics. The proposed system has improved the Recall, Accuracy, and F-Scores metrics by an average of 16.81%, 16.05%, and 18.12%, respectively.