Over the last fifteen years the world has experienced a wide variety of computer threats and general computer security problems. As communication advances and information management systems become more powerful and distributed, organizations are becoming increasingly vulnerable to potential security threats such as intrusions at all levels of Information Communication Technology (ICT). There is an urgent need to provide secure and safe information security systems through the use of firewalls, Intrusion Detection Systems (IDSs), Intrusion Prevention Systems (IPSs), encryption, authentication, and other hardware and software solutions. Many intrusion detection and prevention systems have been designed, but they still have significant drawbacks, among them low detection efficiency, inaccurate prevention schemes and high false alarm rates. Since IDSs and IPSs have become necessary security tools for detecting and preventing attacks on ICT resources, it is essential to upgrade previous designs, techniques and methods to overcome these flaws. Anomaly detection is an essential component of the detection mechanism against unknown attacks, but it requires more advanced techniques to be effective. In this paper we put forward a new agent-based, self-managed approach to anomaly intrusion prevention, based on risk assessment and managed by the principles of the Autonomic Computing (AC) concept, which has all the flavors of self-management. Applying AC will open up new frontiers and improve the intrusion detection mechanism, not only protecting the system’s information and assets but also stopping and preventing a breach before it happens. It can also assist in digital forensics and investigations.