An Intrusion Response Scheme: Tracking the alert source using a stigmergy paradigm

Today, the security community is in search of novel solutions to achieve efficient responses to intrusions. This is particularly needed because attackers intervene in an automated way, at computer speed. There is also a need to respond according to the nature of the detected attack. That is why Intrusion Detection Systems (ID Systems) and Intrusion Response Systems (IR Systems) have to cooperate and work in parallel. To this end, it is more efficient to design the IR System as a function of the ID System. This paper describes an IR System based on Mobile Agents (MAs) distributed throughout the network. This IR System is strongly adjustable to its partner ID System, which is also based on MAs. Both the ID System and the IR System are designed in quite similar ways, since both are mappings of the behavior of natural systems. We present our approach to building these two systems based on natural life. We particularly stress the design of our IR System and present some simulations to demonstrate its efficiency.
