A distributed multi-agent architecture for computer security situational awareness

Distributed systems for computer security analysis must perform information fusion in order to construct a cyberspace situational awareness picture. To date such fusion has been conducted in the context of a single abstraction set. As the complexity and heterogeneity increase, this approach becomes unwieldy; in a conceptual sense it is unscalable. In this paper we describe an alternative approach, an architecture which supports concurrent reasoning in multiple sets of abstractions in a structured way. We present the architecture and a reasoning system for cyberspace situational awareness constructed using our approach.
