Towards the automatic generation of mobile agents for distributed intrusion detection system

The Mobile Agent Intrusion Detection System (MAIDS) is an agent based distributed Intrusion Detection System (IDS). A disciplined requirement engineering process is developed to build MAIDS. The starting point is a high level description of intrusions expressed as Software Fault Trees (SFTs). Then the SFTs are translated to Colored Petri Nets (CPNs) that specify the IDS design. Subsequently, the CPNs are implemented as software intrusion detection agents in the MAIDS agent system. By using SFT and CPN as the theoretical underpinnings, the design and implementation of MAIDS can be verified and the design and implementation errors can be substantially reduced. This paper presents a tool that automatically translates CPNs that specify IDS design into software intrusion detection agents in MAIDS. Together with the translator we have developed to convert SFTs that model intrusions into the CPN for IDS design, this tool can automatically generate intrusion detection software agents from a high level description of intrusions.

[1]  Biswanath Mukherjee,et al.  A system for distributed intrusion detection , 1991, COMPCON Spring '91 Digest of Papers.

[2]  Stuart Harvey Rubin,et al.  Distributed denial of service attacks , 2000, Smc 2000 conference proceedings. 2000 ieee international conference on systems, man and cybernetics. 'cybernetics evolving to systems, humans, organizations, and their complex interactions' (cat. no.0.

[3]  Eugene H. Spafford,et al.  Intrusion detection using autonomous agents , 2000, Comput. Networks.

[4]  Salvatore J. Stolfo,et al.  A data mining framework for building intrusion detection models , 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).

[5]  Vasant Honavar,et al.  A Software Fault Tree Approach to Requirements Analysis of an Intrusion Detection System , 2002, Requirements Engineering.

[6]  Martin Roesch,et al.  SNORT: The Open Source Network Intrusion Detection System 1 , 2002 .

[7]  Peter G. Neumann,et al.  EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances , 1997, CCS 2002.