A distributed Intrusion Detection and Response System based on mobile autonomous agents using social insects communication paradigm

Abstract: The ever-increasing connectivity of current computer environments makes traditional Intrusion Detection Systems more and more inefficient. The ability to move processes across networks brings new security problems, but also gives us new ways of dealing with these environments. In this paper, we propose an architecture for a distributed stealth Intrusion Detection and Response System (IDRS) based on mobile agents that mimic the behaviors of social insects. We present the motivations for an approach that solves several currently unaddressed problems and offers many new ways of thinking about future IDRSs. We also describe the foundations of our architecture, discuss its main points, and present partial results obtained from a prototype. Finally, implementation issues and future work are presented.
