This paper describes a security framework for distributed systems in which an intelligent agent handles security monitoring at each host. The agents are responsible for alerting the system administrators to an attempted intrusion or misuse of a particular system. Recently, there has been an increase in reports of attacks that are spread across the network and pass through a chain of systems before reaching the actual target system. To detect such attacks, the information available within a single isolated system is inadequate for an agent to confirm an intrusion. This emphasizes the need for a framework that allows the agents to negotiate with their co-agents in order to share information about an intrusion, thereby aiding effective intrusion detection. Our design aims at developing such a framework in the FIPA-OS (Foundation for Intelligent Physical Agents - Open Source) environment, which provides most of the source code for building agents on its platform. Mutual co-operation among agents has been developed as a means of querying; these queries are carried out by tasks associated with each agent. The protocols that support these interactions by means of queries are explained. The issues and requirements involved in standardizing formats, interaction protocols and architectures to co-manage intrusion detection are discussed.
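The following is an added illustration of the abstract's central point, not code from the paper or from FIPA-OS: a per-host agent that looks only at its own login records cannot confirm a chained (stepping-stone) attack, but the same agent can confirm it by querying the co-agent on the host that connected to it, which in turn queries its own upstream host. The `Event`, `HostAgent`, `answer_query`, `trace_chain` and `cooperative_verdict` names, the login records and the host names are all constructed for this example; the real framework's message formats and interaction protocols are described in the paper, not reproduced here.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Event:
    """One observed login session (constructed sample record, not a real log format)."""
    ts: float   # seconds since an arbitrary epoch
    src: str    # host or address that opened the session
    dst: str    # host that accepted the session


@dataclass
class HostAgent:
    """Monitoring agent for one host; it only ever sees sessions that touch its own host."""
    host: str
    events: List[Event] = field(default_factory=list)

    def inbound(self) -> List[Event]:
        return sorted((e for e in self.events if e.dst == self.host), key=lambda e: e.ts)

    def local_verdict(self, threshold: int = 3) -> str:
        """Verdict from local evidence alone: one inbound login is not enough to confirm anything."""
        return "alert" if len(self.inbound()) >= threshold else "unconfirmed"

    def answer_query(self, to: str, before: float, window: float) -> Optional[Event]:
        """Answer a co-agent's query: 'did an inbound session reach you within `window` seconds
        before you opened a session to me?'  Returns that inbound event, or None."""
        out = [e for e in self.events if e.src == self.host and e.dst == to and e.ts <= before]
        if not out:
            return None
        t_out = max(e.ts for e in out)
        prior = [e for e in self.inbound() if t_out - window <= e.ts <= t_out]
        return max(prior, key=lambda e: e.ts) if prior else None


def trace_chain(agents: Dict[str, HostAgent], target: str, window: float = 300.0) -> List[str]:
    """Starting at the target's agent, walk the chain of intermediate hosts backwards by
    querying each co-agent in turn.  Returns the hops ordered from origin to target."""
    inbound = agents[target].inbound()
    if not inbound:
        return [target]
    last = inbound[-1]
    chain = [target, last.src]
    visited = {target}
    asked_by, cur_src, cur_ts = target, last.src, last.ts
    # Stop when the upstream host has no agent (outside the managed network) or on a cycle.
    while cur_src in agents and cur_src not in visited:
        visited.add(cur_src)
        ev = agents[cur_src].answer_query(to=asked_by, before=cur_ts, window=window)
        if ev is None:
            break
        chain.append(ev.src)
        asked_by, cur_src, cur_ts = cur_src, ev.src, ev.ts
    return list(reversed(chain))


def cooperative_verdict(agents: Dict[str, HostAgent], target: str,
                        window: float = 300.0, min_hops: int = 2) -> str:
    """Confirm an intrusion only when co-agents trace the session back to an unmanaged origin
    through at least `min_hops` hops; otherwise report it as unconfirmed."""
    chain = trace_chain(agents, target, window)
    origin_external = chain[0] not in agents
    return "alert" if origin_external and len(chain) - 1 >= min_hops else "unconfirmed"


def build_sample_agents() -> Dict[str, HostAgent]:
    """Constructed scenario: an outside address logs into hostA, pivots to hostB, then to hostC."""
    hops = [Event(100.0, "203.0.113.9", "hostA"),
            Event(160.0, "hostA", "hostB"),
            Event(220.0, "hostB", "hostC")]
    agents = {h: HostAgent(h) for h in ("hostA", "hostB", "hostC")}
    for e in hops:
        for h in (e.src, e.dst):
            if h in agents:
                agents[h].events.append(e)
    return agents


if __name__ == "__main__":
    agents = build_sample_agents()
    print("hostC alone     :", agents["hostC"].local_verdict())
    print("with co-agents  :", cooperative_verdict(agents, "hostC"))
    print("traced chain    :", " -> ".join(trace_chain(agents, "hostC")))
```

The `window` parameter is the one tuning knob worth noting: each co-agent only links an inbound session to its outbound one when they fall within that interval, so a window shorter than the attacker's dwell time on an intermediate host breaks the chain and the verdict falls back to "unconfirmed".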