Show simple item record

| Field | Value | Language |
| --- | --- | --- |
| dc.contributor.author | Marques, Rafael Salema | |
| dc.contributor.author | Epiphaniou, Gregory | |
| dc.contributor.author | Al-Khateeb, Haider | |
| dc.contributor.author | Maple, Carsten | |
| dc.contributor.author | Hammoudeh, Mohammad | |
| dc.contributor.author | De Castro, Paulo Andre Lima | |
| dc.contributor.author | Dehghantanha, Ali | |
| dc.contributor.author | Choo, Kim-Kwang Raymond | |
| dc.date.accessioned | 2020-09-07T09:58:51Z | |
| dc.date.available | 2020-09-07T09:58:51Z | |
| dc.date.issued | 2021-07-16 | |
| dc.identifier.citation | Marques, R.S., Epiphaniou, G., Al-Khateeb, H. et al. (2021) A flow-based multi-agent data exfiltration detection architecture for ultra-low latency networks, ACM Transactions on Internet Technology, 21 (4), Article Number 103. https://doi.org/10.1145/3419103 | en |
| dc.identifier.issn | 1533-5399 | en |
| dc.identifier.doi | 10.1145/3419103 | |
| dc.identifier.uri | http://hdl.handle.net/2436/623600 | |
| dc.description | This is an accepted manuscript of an article published by ACM in ACM Transactions on Internet Technology on 16/07/2021, available online: https://dl.acm.org/doi/10.1145/3419103 The accepted version of the publication may differ from the final published version. | en |
| dc.description.abstract | Modern network infrastructures host converged applications that demand rapid elasticity of services, increased security and ultra-fast reaction times. The Tactile Internet promises to facilitate the delivery of these services while enabling new economies of scale for high-fidelity of machine-to-machine and human-to-machine interactions. Unavoidably, critical mission systems served by the Tactile Internet manifest high-demands not only for high speed and reliable communications but equally, the ability to rapidly identify and mitigate threats and vulnerabilities. This paper proposes a novel Multi-Agent Data Exfiltration Detector Architecture (MADEX) inspired by the mechanisms and features present in the human immune system. MADEX seeks to identify data exfiltration activities performed by evasive and stealthy malware that hides malicious traffic from an infected host in low-latency networks. Our approach uses cross-network traffic information collected by agents to effectively identify unknown illicit connections by an operating system subverted. MADEX does not require prior knowledge of the characteristics or behaviour of the malicious code or a dedicated access to a knowledge repository. We tested the performance of MADEX in terms of its capacity to handle real-time data and the sensitivity of our algorithm’s classification when exposed to malicious traffic. Experimental evaluation results show that MADEX achieved 99.97% sensitivity, 98.78% accuracy and an error rate of 1.21% when compared to its best rivals. We created a second version of MADEX, called MADEX level 2 that further improves its overall performance with a slight increase in computational complexity. We argue for the suitability of MADEX level 1 in non-critical environments, while MADEX level 2 can be used to avoid data exfiltration in critical mission systems. To the best of our knowledge, this is the first article in the literature that addresses the detection of rootkits real-time in an agnostic way using an artificial immune system approach while it satisfies strict latency requirements. | en |
| dc.format | application/pdf | en |
| dc.language.iso | en | en |
| dc.publisher | Association for Computing Machinery | en |
| dc.relation.url | https://dl.acm.org/doi/10.1145/3419103 | en |
| dc.subject | Artificial Immune Systems | en |
| dc.subject | Multi-Agent Systems | en |
| dc.subject | Flow-based Analysis | en |
| dc.subject | Rootkits | en |
| dc.subject | Tactile Internet | en |
| dc.title | A flow-based multi-agent data exfiltration detection architecture for ultra-low latency networks | en |
| dc.type | Journal article | en |
| dc.identifier.journal | ACM Transactions on Internet Technology | en |
| dc.date.updated | 2020-08-27T22:25:59Z | |
| dc.identifier.articlenumber | 103 | |
| dc.date.accepted | 2020-08-19 | |
| rioxxterms.funder | University of Wolverhampton | en |
| rioxxterms.identifier.project | UOW07092020HA | en |
| rioxxterms.version | AM | en |
| rioxxterms.licenseref.uri | https://creativecommons.org/licenses/by-nc-nd/4.0/ | en |
| rioxxterms.licenseref.startdate | 2021-12-31 | en |
| dc.source.volume | 21 | |
| dc.source.issue | 4 | |
| dc.source.beginpage | 1 | |
| refterms.dateFCD | 2020-09-07T09:58:16Z | |
| refterms.versionFCD | AM | |
| refterms.dateFOA | 2020-05-30T00:00:00Z | |


Files in this item

Name: Marques_et_al_flow_based_multi ...
Size: 2.099Mb
Format: PDF

Except where otherwise noted, this item's license is described as https://creativecommons.org/licenses/by-nc-nd/4.0/