Design of a Dynamically Extensible System for Network Monitoring using Mobile Agents

We present here the design of a framework for building future-generation network monitoring systems using mobile agents. It is designed to support dynamic configurability, extensibility, active monitoring, and secure operation. New event types and their detection procedures can be added to the system incrementally, and any desired event-data aggregation policy can be defined using the publisher-subscriber model. The use of Prolog provides high-level, easy-to-use abstractions for defining and detecting new compound events based on the correlation of event data. Active monitoring is supported by defining event dependencies: a monitor that depends on an event causes that event's detection to be activated. The use of Ajanta, a secure mobile agent programming platform, provides the infrastructure needed to protect the monitoring system itself. We also present a set of experiments conducted with this system to evaluate and demonstrate its capabilities.
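To make the three design ideas in the abstract concrete (a publisher-subscriber event bus, compound events defined by correlation rules over primitive events, and event dependencies that switch detection on only when something depends on it), the following is an added illustration written for this page. It is not code from the paper or from Ajanta, and it uses plain Python in place of the paper's Prolog rules and Java agents. The event types, the `login_failed` rule, the threshold and window, and the sample events with addresses from the documentation ranges are all constructed for the example.

```python
"""Toy event-monitoring core (added illustration, not the paper's code):
publisher-subscriber bus, compound events defined by a correlation rule,
and dependency-driven activation of primitive event detectors."""
from collections import defaultdict, deque
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Event:
    kind: str            # event type, e.g. "login_failed" (constructed name)
    source: str          # host or address the event concerns
    time: int            # seconds since the start of the monitoring run
    detail: dict = field(default_factory=dict)


class EventBus:
    """Publisher-subscriber core: detectors publish, aggregators subscribe."""

    def __init__(self):
        self._subs = defaultdict(list)
        self._activators = {}

    def register_detector(self, kind, activate):
        """Register a primitive event type together with the function that
        switches its detection on. Nothing is detected until a subscriber
        declares a dependency on the kind (the paper's active monitoring)."""
        self._activators[kind] = activate

    def subscribe(self, kind, handler):
        self._subs[kind].append(handler)
        if kind in self._activators:          # dependency => activation
            self._activators[kind]()

    def publish(self, event):
        for handler in list(self._subs[event.kind]):
            handler(event)


class CompoundEvent:
    """A compound event is defined by the primitive kinds it depends on and a
    correlation predicate evaluated over the recent window of those events."""

    def __init__(self, bus, kind, depends_on, window, correlate):
        self.bus, self.kind, self.window, self.correlate = bus, kind, window, correlate
        self._recent = deque()
        for dep in depends_on:                # declaring dependencies activates detectors
            bus.subscribe(dep, self._on_event)

    def _on_event(self, event):
        self._recent.append(event)
        while self._recent and event.time - self._recent[0].time > self.window:
            self._recent.popleft()            # drop events outside the window
        result = self.correlate(list(self._recent))
        if result is not None:
            self.bus.publish(Event(self.kind, result["source"], event.time, result))
            # Consume the correlated events so one burst raises one compound event.
            self._recent = deque(e for e in self._recent if e.source != result["source"])


def failed_login_burst(events, threshold=3):
    """Correlation rule (the role a Prolog rule plays in the paper's design):
    fire when one source produced >= threshold login_failed events in the window."""
    per_source = defaultdict(int)
    for e in events:
        if e.kind == "login_failed":
            per_source[e.source] += 1
    for source, count in per_source.items():
        if count >= threshold:
            return {"source": source, "count": count}
    return None


def run_demo():
    """Wire a bus, one primitive detector and one compound event, then replay
    constructed sample events. Returns (activated detector kinds, compound events raised)."""
    bus = EventBus()
    activated, raised = [], []
    bus.register_detector("login_failed", lambda: activated.append("login_failed"))
    bus.subscribe("login_burst", raised.append)
    # Creating the compound event declares its dependency, which activates login_failed detection.
    CompoundEvent(bus, "login_burst", ["login_failed"], window=30, correlate=failed_login_burst)
    sample = [                                # constructed sample data
        Event("login_failed", "198.51.100.7", 1),
        Event("login_failed", "203.0.113.9", 2),
        Event("login_failed", "198.51.100.7", 2),
        Event("login_failed", "198.51.100.7", 3),    # third failure in 30 s -> burst
        Event("login_failed", "198.51.100.7", 60),   # outside the window -> no burst
    ]
    for ev in sample:
        bus.publish(ev)
    return activated, raised


if __name__ == "__main__":
    activated, raised = run_demo()
    print("activated detectors:", activated)
    for ev in raised:
        print(f"{ev.kind} from {ev.source} at t={ev.time}: {ev.detail}")
```

The point of the example is the direction of control: a subscriber's interest in `login_burst` is what causes `login_failed` detection to be switched on, and the correlation rule is ordinary data handed to the compound event, so a new compound event type is added by supplying a new rule and dependency list rather than by changing the bus.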
