A cooperative agent-based model for active security systems

This paper presents a multi-agent model for implementing active security concepts. In this model, a group of agents carry out their tasks cooperatively in order to achieve an ultimate security goal. A low-level module of the proposed model reads the values of interesting data items from the relevant current network events and passes them to a relational database. Comparing these measurements against predefined values in an intruder signature database may point to a particular attack. The proposed model consists of two parts: (1) a multi-agent Intrusion Detection System (MIDS) for detecting attacks, and (2) an Active Security Mechanism (ASM) for taking an active, network-wide response against attackers. The proposed approach provides a customizable host environment built from various system software components, allowing an optimal match between the intrusion circumstances and the underlying security architecture. Thus, different frameworks can support alternative responses from existing security services. In addition, the ASM can respond rapidly to attacks by making sensible use of shared attack intelligence. System agents on different hosts communicate with each other using an agent communication language through a message router.
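The pipeline described in the abstract, as an added illustration that is not code from the paper: measurements read from network events go into a relational database (in-memory SQLite here), a MIDS agent matches them against predefined signature values with a join, and hits are shared as "inform" messages through a message router to ASM response agents on other hosts. The sample events, signature thresholds, host names and the message format are all constructed assumptions.

```python
import sqlite3

# Constructed sample measurements a low-level module would read from network events:
# (source host, data item, measured value).
SAMPLE_EVENTS = [
    ("10.0.0.5", "syn_rate", 850),
    ("10.0.0.7", "failed_logins", 3),
    ("10.0.0.9", "failed_logins", 40),
]
# Constructed intruder signature database: predefined values that indicate an attack.
SIGNATURES = [
    ("syn_rate", 500, "syn_flood"),
    ("failed_logins", 20, "brute_force"),
]

def load_database():
    """Store event measurements and signatures in a relational database (SQLite)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE events(src TEXT, item TEXT, value INTEGER)")
    db.execute("CREATE TABLE signatures(item TEXT, threshold INTEGER, attack TEXT)")
    db.executemany("INSERT INTO events VALUES (?, ?, ?)", SAMPLE_EVENTS)
    db.executemany("INSERT INTO signatures VALUES (?, ?, ?)", SIGNATURES)
    return db

class MessageRouter:
    """Delivers agent messages; each agent registers under the host it runs on."""
    def __init__(self):
        self.agents = {}
    def register(self, host, agent):
        self.agents[host] = agent
    def broadcast(self, sender, message):
        for host, agent in self.agents.items():
            if host != sender:  # share intelligence with every other host
                agent.receive(message)

class ResponseAgent:
    """ASM agent: records a network-wide block when attack intelligence arrives."""
    def __init__(self):
        self.blocked = set()
    def receive(self, message):
        if message["performative"] == "inform":  # ACL-style message type (assumed)
            self.blocked.add(message["content"]["src"])

def detect_and_share(db, router, sender="ids-host"):
    """MIDS agent: match measurements against signatures and share hits via the router."""
    rows = db.execute(
        "SELECT e.src, s.attack FROM events e JOIN signatures s ON e.item = s.item "
        "WHERE e.value >= s.threshold").fetchall()
    for src, attack in rows:
        router.broadcast(sender, {"performative": "inform",
                                  "content": {"src": src, "attack": attack}})
    return rows
```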
