A Self-Organising Multi-Agent System For Decentralised Forensic Investigations

Phillip Kendrick, Natalia Criado Pacheco, Abir Hussain, Martin Randles

Research output: Contribution to journalArticlepeer-review

7 Citations (Scopus)
153 Downloads (Pure)


As network-based threats continue to evolve more rapidly, detecting and re-
sponding to intrusion attempts in real-time requires an increasingly automated
and intelligent response. This paper provides an agent-based framework for
the analysis of cyber events within networks of varying sizes to detect complex
multi-stage attacks. Agents are used as intelligent systems to explore domain
specic and situational information showing the benet of adaptive technolo-
gies that proactively analyse security events in real time. We introduce several
algorithms to encapsulate and manage the traditional detection technologies
and provide agent-based performance introspection as a mechanism to identify
poorly performing systems. Our evaluation shows that the algorithms can re-
duce the amount of processing needed to analyse a security event by over 50%
and improve the detection rate by up to 20% by introducing corrective systems
to reduce false alarm rates in error-prone environments.
Original languageEnglish
Pages (from-to)12-26
JournalExpert Systems with Applications
Early online date15 Feb 2018
Publication statusPublished - 15 Jul 2018


Dive into the research topics of 'A Self-Organising Multi-Agent System For Decentralised Forensic Investigations'. Together they form a unique fingerprint.

Cite this