APHIDS++: Evolution of A Programmable Hybrid Intrusion Detection System

With the rapid growth of the Internet and the ever-increasing security problems that accompany its popularity, protection against unwanted intruders has become imperative. Antivirus software, intrusion detection systems, spyware detectors, and malware detectors are some of the protection mechanisms available to users today. The diversity of these manifold systems suggests the need for a unifying managerial system, such as APHIDS (A Programmable Hybrid Intrusion Detection System), which can correlate and coalesce preexisting security components. In this paper we describe improvements made to the initial APHIDS design, comprising the introduction of agent caching, the addition of an optional intelligent agent, and an XML implementation of our Distributed Correlation Script (DCS).
