An ontology-based multiagent approach to outbound intrusion detection

Summary form only given. Several researchers have already identified the advantages of applying knowledge representation and management techniques to information security; little has been done, however, to build these techniques into security technologies. We present an ontology-based multiagent architecture that implements outbound intrusion detection, a monitoring approach whose aim is to ensure that local systems are not used to compromise other systems. Its specific goal is to identify automated attack tools, which constitute a public and largely unexplored repository of software security information. An attacker-centric ontology supports the architecture. Agents organized into teams execute on trusted sub-environments called cells, which are in turn organized non-hierarchically. Each cell runs two independent misuse detection strategies, and their outputs are correlated to produce a third, more accurate diagnosis. Ontology and signature updates are distributed over the Internet to speed up incident response.
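The two-strategy correlation the abstract describes can be sketched concretely. The following is an added Python example, not code from the paper or its authors: a network-side misuse detector that matches a host's outbound traffic against attack-tool signatures, a host-side detector that matches process command lines against the same tools, and a correlation step that upgrades a diagnosis to "confirmed" only when both strategies flag the same local host and tool within a time window. The tool names, signatures, events and the 30-second window are all constructed assumptions standing in for the paper's attacker-centric ontology.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed stand-in for an attacker-centric ontology: each attack tool is
# described by what it emits on the wire and how it appears on the local host.
# Tool names and patterns are assumptions made for this example.
TOOL_ONTOLOGY: Dict[str, Dict[str, str]] = {
    "toy-portscanner": {
        "network": r"^SYN dst_port=\d+ flags=S$",   # bare connection attempts
        "host": r"\bportscan\b.*--stealth",
    },
    "toy-ssh-bruteforcer": {
        "network": r"^SSH-2\.0-toybrute",            # distinctive client banner
        "host": r"\bbrute\.py\b.*--target",
    },
}

@dataclass(frozen=True)
class NetEvent:
    host: str       # local system that originated the outbound traffic
    ts: float
    dst: str
    summary: str    # normalized one-line description of the flow/packet

@dataclass(frozen=True)
class HostEvent:
    host: str
    ts: float
    cmdline: str

@dataclass(frozen=True)
class Alert:
    host: str
    ts: float
    tool: str
    source: str     # "network" or "host"

def detect_network(events: List[NetEvent]) -> List[Alert]:
    """Strategy 1: signature-match outbound traffic from each local host."""
    return [Alert(ev.host, ev.ts, tool, "network")
            for ev in events
            for tool, sigs in TOOL_ONTOLOGY.items()
            if re.search(sigs["network"], ev.summary)]

def detect_host(events: List[HostEvent]) -> List[Alert]:
    """Strategy 2: signature-match process command lines on each local host."""
    return [Alert(ev.host, ev.ts, tool, "host")
            for ev in events
            for tool, sigs in TOOL_ONTOLOGY.items()
            if re.search(sigs["host"], ev.cmdline)]

def correlate(net_alerts: List[Alert], host_alerts: List[Alert],
              window: float = 30.0) -> Dict[Tuple[str, str], str]:
    """Third diagnosis: per (host, tool), 'confirmed' when both strategies agree
    within `window` seconds, otherwise record which single strategy fired."""
    diagnosis: Dict[Tuple[str, str], str] = {}
    for n in net_alerts:
        key = (n.host, n.tool)
        corroborated = any(h.host == n.host and h.tool == n.tool
                           and abs(h.ts - n.ts) <= window for h in host_alerts)
        if corroborated:
            diagnosis[key] = "confirmed"
        else:
            diagnosis.setdefault(key, "network-only")
    for h in host_alerts:
        diagnosis.setdefault((h.host, h.tool), "host-only")
    return diagnosis

# Constructed sample telemetry from three local workstations (not real captures).
NET_EVENTS = [
    NetEvent("ws-12", 100.0, "10.0.0.5:22", "SSH-2.0-toybrute client banner"),
    NetEvent("ws-12", 100.5, "10.0.0.5:22", "SSH-2.0-toybrute client banner"),
    NetEvent("ws-07", 200.0, "10.0.0.9:445", "SYN dst_port=445 flags=S"),
    NetEvent("ws-03", 300.0, "10.0.0.2:443", "TLS client hello"),  # benign
]
HOST_EVENTS = [
    HostEvent("ws-12", 95.0, "python3 brute.py --target 10.0.0.5 --wordlist common.txt"),
    HostEvent("ws-03", 300.0, "curl https://example.invalid/"),    # benign
    HostEvent("ws-21", 400.0, "portscan --stealth 192.168.1.0/24"),  # no traffic seen
]

def run_example() -> Dict[Tuple[str, str], str]:
    """Run both strategies over the sample telemetry and correlate them."""
    return correlate(detect_network(NET_EVENTS), detect_host(HOST_EVENTS))

if __name__ == "__main__":
    for (host, tool), verdict in sorted(run_example().items()):
        print(f"{host:6} {tool:22} {verdict}")
```

Only ws-12 ends up "confirmed": its outbound SSH banners and the brute-force process on the host point at the same tool within the window. ws-07 shows the scanner's traffic with no host evidence and ws-21 shows the scanner process with no traffic, so each is reported as a single-strategy finding that an operator can weigh accordingly rather than as a full diagnosis.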
