The multi-agent systems for computer network security assurance: frameworks and case studies

The paper presents experience in applying multi-agent technology to the design and implementation of multi-agent systems (MASs) intended to cooperatively solve currently critical tasks in the area of computer network security assurance. These MASs are an agent-based simulator of attacks against computer networks, a multi-agent intrusion detection system, and a multi-agent intrusion detection learning system. Each of these MASs is based on strict formal frameworks proposed by the authors and is designed and implemented as a software prototype on the basis of a common technology and the software tool "Multi-agent System Development Kit" developed by the authors. The paper sketches the above MASs and analyses the advantages of using a multi-agent architecture for computer network assurance.
