An Intrusion Detection System for Aglets

Mobile agent systems provide support for the execution of mobile software components, called agents. Agents acting on behalf of different users can move between execution environments hosted by different organizations. The security implications of this model are evident, and these security concerns have been addressed by extending the authentication and access control mechanisms originally conceived for distributed operating systems to mobile agent systems. Other well-known security mechanisms have been neglected. In particular, satisfactory auditing mechanisms have seldom been implemented for mobile agent systems. The lack of complete and reliable auditing makes it difficult to analyze the actions of mobile components to look for evidence of malicious behavior. This paper presents an auditing facility for the Aglets mobile agent system and an intrusion detection system that takes advantage of this facility. The paper describes how auditing was introduced into the Aglets system, the steps involved in developing the intrusion detection system, and the empirical evaluation of the approach.
