Building agents for a rule-based intrusion detection system

In this paper we describe the development and testing of an agent-based intrusion detection system for the Linux platform. We take a dual approach to intrusion detection: pre-emptive and reactive. In the pre-emptive approach, a network-based agent monitors all packets entering the network and detects known attacks by matching them against pre-defined rules. The reactive approach is realized through a separate host-based agent that routinely checks specific log files in order to detect system anomalies caused by attacks that have already succeeded. Once a possible intrusion attempt has been detected by either agent, the agent attempts to block the attack, records the attack details in a system log file, e-mails the system administrator, and displays a warning in a graphical warning window. The agents operate in the background of user applications and system software without any noticeable effect on their performance.
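The following sketch, added here as an example and not taken from the paper's implementation, shows the two-agent structure in miniature: a network agent matching packet records against signature rules (pre-emptive) and a host agent scanning authentication log lines for post-compromise anomalies (reactive), both feeding the same four responses. The rule format, the packet record shape, the two host-side heuristics (brute-force threshold, remote root login), the sample packets and log lines, and the response actions are all assumptions made for illustration; the responses build the iptables command, syslog line, e-mail and warning text rather than executing them.

```python
"""Two-agent, rule-based IDS sketch (added example, not the paper's code).

Assumed for illustration: the rule format, the packet record shape, the
constructed sample packets and auth-log lines, and the response actions,
which here build the command/message strings instead of executing them.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Alert:
    agent: str    # "network" (pre-emptive) or "host" (reactive)
    rule: str
    source: str   # offending IP address
    detail: str


# ---- Pre-emptive network agent: every packet is matched against rules ----
@dataclass
class Packet:              # assumed decoded packet record
    src: str
    dst: str
    proto: str
    dport: int
    payload: bytes


@dataclass
class NetworkRule:         # assumed rule shape: any unset field is a wildcard
    name: str
    proto: Optional[str] = None
    dport: Optional[int] = None
    payload_pattern: Optional[bytes] = None

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.payload_pattern is not None and not re.search(self.payload_pattern, pkt.payload):
            return False
        return True


def network_agent(packets: List[Packet], rules: List[NetworkRule]) -> List[Alert]:
    """Return one alert per (packet, rule) match: known-attack signatures only."""
    return [Alert("network", r.name, p.src, f"{p.proto}/{p.dport} {p.src}->{p.dst}")
            for p in packets for r in rules if r.matches(p)]


# ---- Reactive host agent: log files are checked for signs of a successful attack ----
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+)")
ROOT_OK = re.compile(r"sshd\[\d+\]: Accepted \w+ for root from (\S+)")


def host_agent(log_lines: List[str], threshold: int = 3) -> List[Alert]:
    """Flag sources with >= threshold failed logins, and any remote root login."""
    failures: Dict[str, int] = {}
    alerts: List[Alert] = []
    for line in log_lines:
        m = FAILED.search(line)
        if m:
            ip = m.group(1)
            failures[ip] = failures.get(ip, 0) + 1
            if failures[ip] == threshold:          # fire once per source
                alerts.append(Alert("host", "ssh brute force", ip,
                                    f"{threshold} failed logins from {ip}"))
            continue
        m = ROOT_OK.search(line)
        if m:
            alerts.append(Alert("host", "remote root login", m.group(1), m.group(0)))
    return alerts


def respond(alert: Alert) -> Dict[str, str]:
    """Build the four responses (block, log, e-mail, warning); a real agent would execute them."""
    return {
        "block": f"iptables -I INPUT -s {alert.source} -j DROP",
        "syslog": f"ids[{alert.agent}]: {alert.rule}: {alert.detail}",
        "email": f"Subject: IDS alert ({alert.rule})\n\n{alert.detail}\n",
        "warning": f"Possible intrusion: {alert.rule} from {alert.source}",
    }


# Constructed sample input (not captured traffic or real logs).
NETWORK_RULES = [
    NetworkRule("telnet to server", proto="tcp", dport=23),
    NetworkRule("passwd file request", proto="tcp", dport=80, payload_pattern=rb"/etc/passwd"),
]
SAMPLE_PACKETS = [
    Packet("203.0.113.7", "192.0.2.10", "tcp", 80, b"GET /cgi-bin/view?f=../../etc/passwd HTTP/1.0"),
    Packet("192.0.2.20", "192.0.2.10", "tcp", 80, b"GET /index.html HTTP/1.0"),
    Packet("203.0.113.7", "192.0.2.10", "tcp", 23, b"\xff\xfd\x18"),
]
SAMPLE_AUTH_LOG = [
    "Jan 12 03:14:01 srv sshd[2101]: Failed password for root from 203.0.113.7 port 51000 ssh2",
    "Jan 12 03:14:04 srv sshd[2102]: Failed password for root from 203.0.113.7 port 51004 ssh2",
    "Jan 12 03:14:08 srv sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 51009 ssh2",
    "Jan 12 03:14:20 srv sshd[2105]: Accepted password for root from 203.0.113.7 port 51020 ssh2",
    "Jan 12 03:15:00 srv sshd[2110]: Accepted publickey for alice from 192.0.2.10 port 40000 ssh2",
]

if __name__ == "__main__":
    for a in network_agent(SAMPLE_PACKETS, NETWORK_RULES) + host_agent(SAMPLE_AUTH_LOG):
        print(respond(a)["syslog"])
```

Run as a script, it prints one syslog-style line per alert: two from the network agent (the traversal payload and the telnet connection) and two from the host agent (the brute-force threshold and the root login that followed it). The host agent deliberately emits the brute-force alert only once per source, so a flood of failures does not itself become a flood of e-mails and warning windows.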