Skip to main content
SpringerLink
Log in

Attacking Confidentiality: An Agent Based Approach

  • Conference paper
Intelligence and Security Informatics (ISI 2006)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 3975))

Included in the following conference series:

Abstract

A network is not secure unless it can ensure the three basic security concepts; confidentiality, integrity and availability. Attack on confidentiality and integrity of data are emerging trends in network intrusion. In this paper we primarily focus on the confidentiality aspect. With more and more sophisticated tools being easily available the number of security incidents has been rapidly increasing. Such tools reduce the attack preparation time thereby increasing attack frequency. The use of such tools also makes it difficult to discover attacks at an early stage before substantial damage has been done. Here we show a highly personalized attack by the use of specialized agents whose purpose is to search and transmit specific information from a private network without authorized access. This information may be in the form of a competitor’s marketing strategy, customers’ personal details, true financial status of an organization or any other information. We discuss that such an agent and its activity is different from common malware, describe its characteristics and design and show that such a scenario is a real possibility. We also discuss the related issues and the alarming effects posed by such an agent. It is possible that the agent we are discussing may already be in existence but are unreported.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Cert advisory ca-2001-22 w32/sircam malicious code, august (2001), http://www.cert.org/advisories/CA-2001-22.html

  2. Computer worm. Wikipedia, the free encyclopedia, http://en.wikipedia.org/wiki/Computer_worm

  3. Overview of attack trends (2002), http://www.cert.org/archive/pdf/attack_trends.pdf

  4. Social engineering. Wikipedia, the free encyclopedia, http://en.wikipedia.org/wiki/Social_engineering_computer_security

  5. Software agent. Wikipedia, the free encyclopedia, http://en.wikipedia.org/wiki/Software_agent

  6. Spyware. Wikipedia, the free encyclopedia, http://en.wikipedia.org/wiki/Spyware

  7. Report on Privacy and Security, The Federal Trade Commission Advisory Committee on Online Access and Security (May 2000)

    Google Scholar 

  8. The G8 Internet Security Conference, Paris, France (May 2000)

    Google Scholar 

  9. Oracle http server vulnerability (2005), http://www.kb.cert.org/vuls/id/890940

  10. Adler, M.: Cyberspace, General Searches and Digial Conraband: the Fourth Amendment and the Net-Wite Search. Yale Law Journal 105, 1093–1120 (1996)

    Article  Google Scholar 

  11. Agarwal, R., Kiernan, J., Srikant, R., Xu, Y.: Hippocratic databases. In: Proceedings of the 28th International Conference on Very Large Databases (2002)

    Google Scholar 

  12. Allen, J., Christie, A., Fithen, W., McHugh, J., Pickel, J., Stoner, E.: State of practice of intrusion detection technologies. Technical Report CMU/SEI-99-TR-028 ESC-99-028 (1999), http://www.sei.cmu.edu/pub/documents/99.reports/pdf/99tr028.pdf

  13. Ames, W.: Understanding spyware: risk and response. IT Professional 6(5), 25–29 (2004)

    Article  MathSciNet  Google Scholar 

  14. Bace, R., Mell, P.: Intrusion Detection Systems. Gaithersburg, MD: Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology (2001)

    Google Scholar 

  15. Bronitt, S.: Complementary Comment: electronic Surveillance and Informers: Infringing the Right to Silence and Privacy. Criminal Law Journal 20, 144–152 (1996)

    Google Scholar 

  16. Bronitt, S.: Electronic Surveillance, Human Rights and Criminal Justice. Australian Journal of Human Rights 3, 183–207 (1997)

    Google Scholar 

  17. Carroll, M., Schrader, R.: Computer Related Crimes (Tenth Survey of White Collar Crime). American Criminal Law Review 32(2), 185–211 (1995)

    Google Scholar 

  18. Castano, S., Fugini, M., Martella, G., Samarati, P.: Database Security. Addison Wesley, Reading (1994)

    Google Scholar 

  19. Crocker, S.D.: Protecting the internet from distributed denial-of-service attacks: a proposal. In: Proceedings of the IEEE, September 2004, vol. 92(9) (2004)

    Google Scholar 

  20. Dearing, M.C.: Personal Jurisdiction and the Internet: Can the Traditional Principles and Landmark Cases Guide the Legal System Into the 21st Centuary? Journal of Technology, Law and Policy 4(1) (1999)

    Google Scholar 

  21. Ferrie, P., Szor, P.: W32.sircam.worm@mm, http://www.symantec.com/avcenter/venc/data/w32.sircam.wormmm.html

  22. Hackworth, A.: Spyware. CERT Coordination Center Report (2005), http://www.cert.org/archive/pdf/spyware2005.pdf

  23. Hochberg, L.: E-Avesdropping. Online News (January 2000), http://www.pbs.org/newshour/bb/cyberspace/jan-june00/email_1-7.html

  24. Longstaff, T.A., Ellis, J.T., Hernan, S.V., Lipson, H.F., Mcmillan, R.D., Pesante, L.H., Simmel, D.: Security of the internet. The Froehlich/Kent Encyclopedia of Telecommunications, Marcel Dekker, New York. CERT Coordination Center Report, vol. 15, pp. 231–255 (1997), http://www.cert.org/encyc_article/tocencyc.html

  25. Marlowe, B.: You are Being Watched. ZDNet Magazine (December 1999)

    Google Scholar 

  26. Murch, Johnson: Intelligent software agents (1999)

    Google Scholar 

  27. Nwana, H.S.: Software agents: An overview, http://www.sce.carleton.ca/netmanage/docs/AgentsOverview/ao.html

  28. Paulson, L.D.: Spike in phishing and malware a danger to it. IT Professional 7(3) (May/June 2005)

    Google Scholar 

  29. Shannon, C., Moore, D.: The spread of the witty worm. CAIDA analysis for the spread of Witty worm, http://www.caida.org/analysis/security/witty/

  30. Sommers, J., Yegneswaran, V., Barford, P.: A framework for malicious workload generation. In: Internet Measurement Conference, Taormina, Sicily, Italy, October 25 - 27 (2004), http://www.cs.wisc.edu/~pb/mace_final.pdf

  31. Spafford, E.: The internet worm program: An analysis. Technical Report CSD-TR-823, Purdue University (November 1988)

    Google Scholar 

  32. Staniford, S., Paxson, V., Weaver, N.: How to own the internet in your spare time. In: 11th Usenix Security Symposium, San Francisco (August 2002)

    Google Scholar 

  33. Weaver, N., Paxson, V., Staniford, S., Cunningham, R.: A taxonomy of internet worms, http://www.cs.berkeley.edu/~nweaver/papers/taxonomy.pdf

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science and Software Engineering National ICT Australia, The University of Melbourne,  

    Kapil Kumar Gupta, Baikunth Nath & Kotagiri Ramamohanarao

  2. Department of Business Law and Taxation, Monash University,  

    Ashraf U. Kazi

Authors
  1. Kapil Kumar Gupta
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Baikunth Nath
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Kotagiri Ramamohanarao
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Ashraf U. Kazi
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Information and Computer Science, University of California, Irvine

    Sharad Mehrotra

  2. MIS Department, University of Arizona, 85721, Tucson, AZ, USA

    Daniel D. Zeng

  3. Department of Management Information Systems, Eller College of Management, The University of Arizona, 85721, AZ, USA

    Hsinchun Chen

  4. University of Texas at Dallas,  

    Bhavani Thuraisingham

  5. Chinese Academy of Sciences, 100190, Beijing, China

    Fei-Yue Wang

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Gupta, K.K., Nath, B., Ramamohanarao, K., Kazi, A.U. (2006). Attacking Confidentiality: An Agent Based Approach. In: Mehrotra, S., Zeng, D.D., Chen, H., Thuraisingham, B., Wang, FY. (eds) Intelligence and Security Informatics. ISI 2006. Lecture Notes in Computer Science, vol 3975. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11760146_25

Download citation

  • DOI: https://doi.org/10.1007/11760146_25

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-34478-0

  • Online ISBN: 978-3-540-34479-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation