Intranet security with micro-firewalls and mobile agents for proactive intrusion response

We propose a distributed multi-level architecture to solve the intranet security problem. The basic idea is to build micro-firewalls on all hosts in the intranet, as a second line of defense behind the gateway firewall. A distributed intrusion detection system (IDS) is developed to achieve proactive intrusion responses with dynamic policy changes. Mobile agents, CORBA, and RMI are evaluated for dynamic policy updates. We find that mobile agents are the most scalable and robust for policy updates, but are prone to attacks by other agents and hosts. CORBA has the best speed performance. Java-based RMI has the highest security, based on the sandbox model. Key concepts, preliminary results, and continuing research challenges are presented.
