Efficient visualization of security events in a large agent society

The paper describes the design and development of an efficient visualization tool, called the security console, for monitoring security-related events in a large agent society (Cougaar). This administrative tool is primarily used to collect and process alert messages generated by various sensors across the distributed agent society. It exploits the agents' hierarchical structure to aggregate security events in order to discover correlations among them. In particular, it logically groups related alerts from raw messages (removing duplicates, if any) and applies data mining techniques (such as association rules and frequent episode learning) to discover situations that have certain characteristics in common. We performed extensive experimentation with the security console in various attack scenarios that generate a large number of alert messages. The reported results show that this alert monitoring and correlation tool can provide a profile of the attack patterns that occur most frequently in the monitored agent society.
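As an added illustration, not code from the paper or the Cougaar project, the following sketches the three processing steps the abstract names on constructed alerts: duplicate removal, aggregation along an assumed community/node/agent hierarchy (encoded here as a path-like agent name), and a small frequent parallel-episode search over a sliding time window. The alert types, timestamps and support definition are all assumptions for the example.

```python
from collections import Counter
from itertools import combinations

# Constructed sample alerts (not from the paper): (timestamp, agent, alert_type).
# The agent name encodes an assumed community/node/agent hierarchy.
ALERTS = [
    (1, "commA/node1/agentX", "LOGIN_FAIL"),
    (1, "commA/node1/agentX", "LOGIN_FAIL"),   # exact duplicate from a second sensor
    (2, "commA/node1/agentY", "MSG_FLOOD"),
    (3, "commA/node2/agentZ", "LOGIN_FAIL"),
    (4, "commA/node2/agentZ", "MSG_FLOOD"),
    (9, "commB/node3/agentW", "CERT_REVOKED"),
    (10, "commA/node1/agentX", "LOGIN_FAIL"),
    (11, "commA/node1/agentY", "MSG_FLOOD"),
]

def dedupe(alerts):
    """Drop exact duplicate (timestamp, agent, type) triples, keeping first-seen order."""
    seen, out = set(), []
    for alert in alerts:
        if alert not in seen:
            seen.add(alert)
            out.append(alert)
    return out

def aggregate(alerts, level):
    """Count alert types per hierarchy prefix: level 1 = community, 2 = node, 3 = agent."""
    counts = {}
    for _, agent, kind in alerts:
        key = "/".join(agent.split("/")[:level])
        counts.setdefault(key, Counter())[kind] += 1
    return counts

def frequent_episodes(alerts, window, min_support):
    """Parallel episodes: sets of alert types that co-occur within `window` time units.
    Support is counted as the number of sliding windows (one start per time unit from the
    first to the last alert) whose half-open interval [start, start+window) contains every
    type of the set. Only 2- and 3-element sets are searched to keep the example short."""
    if not alerts:
        return {}
    alerts = sorted(alerts)
    t_min, t_max = alerts[0][0], alerts[-1][0]
    support = Counter()
    for start in range(t_min, t_max + 1):
        types = {kind for t, _, kind in alerts if start <= t < start + window}
        for size in (2, 3):
            for episode in combinations(sorted(types), size):
                support[episode] += 1
    return {ep: s for ep, s in support.items() if s >= min_support}

if __name__ == "__main__":
    clean = dedupe(ALERTS)
    print(aggregate(clean, level=2))
    print(frequent_episodes(clean, window=3, min_support=3))
```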
