CIDS: An agent-based intrusion detection system

This paper describes a security agent architecture, called CIDS, which is useful as an administrative tool for intrusion detection. Specifically, it is an agent-based monitoring and detection system developed to detect malfunctions, faults, abnormalities, misuse, deviations and intrusions, and to provide recommendations (expressed in a common intrusion detection language). CIDS can simultaneously monitor networked-computer activities at multiple levels (from the user level down to the packet level) in order to find correlations among values that deviate from normal behaviour or from the defined policy, and thereby determine specific security violations. The current version of CIDS (CIDS 1.4) has been tested with different simulated attacks in an isolated network, and some of those results are reported here.
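The abstract's central idea, scoring deviations at several monitoring levels and correlating them before deciding that a violation has occurred, can be sketched in a few dozen lines. The following is an added illustrative example, not code from the CIDS paper or its authors: the level names (user, process, packet), the metrics, the baseline history, the policy limits and the z-score threshold are all constructed assumptions chosen to show the mechanism, not values taken from CIDS.

```python
"""
Added illustrative example (not code from the CIDS paper or its authors):
a minimal multi-level monitor that scores deviations from a baseline at
the user, process and packet levels, then correlates the per-level
deviations into a single finding. Level names, metrics, thresholds and
the sample observations are constructed for illustration only.
"""
from dataclasses import dataclass
from statistics import mean, pstdev

# Constructed baseline of "normal" recent values per (level, metric).
BASELINE = {
    ("user", "failed_logins"): [0, 1, 0, 0, 2, 1, 0, 0],
    ("process", "spawn_rate"): [5, 6, 4, 5, 7, 5, 6, 5],
    ("packet", "syn_per_sec"): [20, 25, 22, 18, 24, 21, 23, 19],
}

# Constructed policy limits: exceeding one is a violation regardless of history.
POLICY = {("user", "failed_logins"): 5, ("packet", "syn_per_sec"): 200}


@dataclass
class Deviation:
    level: str
    metric: str
    value: float
    zscore: float
    policy_violation: bool


def score(level, metric, value):
    """Score one observation against its baseline and the policy limit."""
    hist = BASELINE[(level, metric)]
    mu, sd = mean(hist), pstdev(hist)
    if sd > 0:
        z = (value - mu) / sd
    else:  # a constant baseline: any change is an extreme deviation
        z = float("inf") if value != mu else 0.0
    limit = POLICY.get((level, metric))
    return Deviation(level, metric, value, z, limit is not None and value > limit)


def correlate(observations, z_threshold=3.0):
    """Correlate per-level deviations into one finding.

    observations: iterable of (level, metric, value) tuples.
    A policy violation on any level is reported on its own; values that are
    merely unusual only become a finding when two or more levels deviate
    together, which is the correlation step described in the abstract.
    """
    devs = [score(*obs) for obs in observations]
    deviated = [d for d in devs
                if d.policy_violation or abs(d.zscore) >= z_threshold]
    levels = sorted({d.level for d in deviated})
    if any(d.policy_violation for d in deviated):
        label = "policy-violation"
    elif len(levels) >= 2:
        label = "correlated-anomaly"
    elif levels:
        label = "isolated-anomaly"
    else:
        label = "normal"
    # Structured output, in the spirit of a common intrusion detection language.
    return {
        "label": label,
        "levels": levels,
        "details": [(d.level, d.metric, round(d.zscore, 2)) for d in deviated],
    }


if __name__ == "__main__":
    # Constructed sample: a few failed logins together with a SYN burst.
    sample = [("user", "failed_logins", 3),
              ("process", "spawn_rate", 5),
              ("packet", "syn_per_sec", 30)]
    print(correlate(sample))
```

The design choice worth noting is the split between policy limits and statistical baselines: a hard limit is a violation on its own, while a statistically unusual value on a single level is only flagged as isolated, and is escalated when other levels deviate at the same time. That keeps single-sensor noise from producing alerts while still letting the system notice an intrusion whose footprint is spread across levels.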
