The number of security-breaking attempts originating inside organizations is increasing steadily. Attacks made in this way, usually done by "authorized" users of the system, cannot be immediately located. As the idea of filtering the traffic at the "entrance door" (by firewalls, for instance) is not completely successful the use of other technologies should be considered to increase the defense capacity of a site. Therefore, the introduction of mobile agents to provide computational security by constantly moving around within the internal infoways of an organization is presented as a natural solution to prevent both external and internal sources of intrusion. This work presents an evaluation of the use of mobile agent mechanisms to add mobility features to the process of monitoring intrusion in computational systems. A modular approach is proposed, where independent small agents will monitor the communication paths. This approach presents significant advantages in terms of minimizing overhead, increasing scalability and flexibility and providing fault tolerance.
[1]
Roger S. Pressman,et al.
Software Engineering: A Practitioner's Approach
,
1982
.
[2]
Eugene H. Spafford,et al.
Defending a Computer System Using Autonomous Agents
,
1995
.
[3]
Hyacinth S. Nwana,et al.
Software agents: an overview
,
1996,
The Knowledge Engineering Review.
[4]
Eugene H. Spafford,et al.
Active Defense of a Computer System using Autonomous Agents
,
1995
.
[5]
Adriano Mauro Cansian.
Desenvolvimento de um sistema adaptativo de detecção de intrusos em redes de computadores
,
1997
.
[6]
Aaron Kershenbaum,et al.
Mobile Agents: Are They a Good Idea?
,
1996,
Mobile Object Systems.
[7]
R. Power.
CSI/FBI computer crime and security survey
,
2001
.
[8]
Eugene H. Spafford,et al.
An architecture for intrusion detection using autonomous agents
,
1998,
Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217).