Abstract
A network is not secure unless it can ensure the three basic security concepts; confidentiality, integrity and availability. Attack on confidentiality and integrity of data are emerging trends in network intrusion. In this paper we primarily focus on the confidentiality aspect. With more and more sophisticated tools being easily available the number of security incidents has been rapidly increasing. Such tools reduce the attack preparation time thereby increasing attack frequency. The use of such tools also makes it difficult to discover attacks at an early stage before substantial damage has been done. Here we show a highly personalized attack by the use of specialized agents whose purpose is to search and transmit specific information from a private network without authorized access. This information may be in the form of a competitor’s marketing strategy, customers’ personal details, true financial status of an organization or any other information. We discuss that such an agent and its activity is different from common malware, describe its characteristics and design and show that such a scenario is a real possibility. We also discuss the related issues and the alarming effects posed by such an agent. It is possible that the agent we are discussing may already be in existence but are unreported.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Cert advisory ca-2001-22 w32/sircam malicious code, august (2001), http://www.cert.org/advisories/CA-2001-22.html
Computer worm. Wikipedia, the free encyclopedia, http://en.wikipedia.org/wiki/Computer_worm
Overview of attack trends (2002), http://www.cert.org/archive/pdf/attack_trends.pdf
Social engineering. Wikipedia, the free encyclopedia, http://en.wikipedia.org/wiki/Social_engineering_computer_security
Software agent. Wikipedia, the free encyclopedia, http://en.wikipedia.org/wiki/Software_agent
Spyware. Wikipedia, the free encyclopedia, http://en.wikipedia.org/wiki/Spyware
Report on Privacy and Security, The Federal Trade Commission Advisory Committee on Online Access and Security (May 2000)
The G8 Internet Security Conference, Paris, France (May 2000)
Oracle http server vulnerability (2005), http://www.kb.cert.org/vuls/id/890940
Adler, M.: Cyberspace, General Searches and Digial Conraband: the Fourth Amendment and the Net-Wite Search. Yale Law Journal 105, 1093–1120 (1996)
Agarwal, R., Kiernan, J., Srikant, R., Xu, Y.: Hippocratic databases. In: Proceedings of the 28th International Conference on Very Large Databases (2002)
Allen, J., Christie, A., Fithen, W., McHugh, J., Pickel, J., Stoner, E.: State of practice of intrusion detection technologies. Technical Report CMU/SEI-99-TR-028 ESC-99-028 (1999), http://www.sei.cmu.edu/pub/documents/99.reports/pdf/99tr028.pdf
Ames, W.: Understanding spyware: risk and response. IT Professional 6(5), 25–29 (2004)
Bace, R., Mell, P.: Intrusion Detection Systems. Gaithersburg, MD: Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology (2001)
Bronitt, S.: Complementary Comment: electronic Surveillance and Informers: Infringing the Right to Silence and Privacy. Criminal Law Journal 20, 144–152 (1996)
Bronitt, S.: Electronic Surveillance, Human Rights and Criminal Justice. Australian Journal of Human Rights 3, 183–207 (1997)
Carroll, M., Schrader, R.: Computer Related Crimes (Tenth Survey of White Collar Crime). American Criminal Law Review 32(2), 185–211 (1995)
Castano, S., Fugini, M., Martella, G., Samarati, P.: Database Security. Addison Wesley, Reading (1994)
Crocker, S.D.: Protecting the internet from distributed denial-of-service attacks: a proposal. In: Proceedings of the IEEE, September 2004, vol. 92(9) (2004)
Dearing, M.C.: Personal Jurisdiction and the Internet: Can the Traditional Principles and Landmark Cases Guide the Legal System Into the 21st Centuary? Journal of Technology, Law and Policy 4(1) (1999)
Ferrie, P., Szor, P.: W32.sircam.worm@mm, http://www.symantec.com/avcenter/venc/data/w32.sircam.wormmm.html
Hackworth, A.: Spyware. CERT Coordination Center Report (2005), http://www.cert.org/archive/pdf/spyware2005.pdf
Hochberg, L.: E-Avesdropping. Online News (January 2000), http://www.pbs.org/newshour/bb/cyberspace/jan-june00/email_1-7.html
Longstaff, T.A., Ellis, J.T., Hernan, S.V., Lipson, H.F., Mcmillan, R.D., Pesante, L.H., Simmel, D.: Security of the internet. The Froehlich/Kent Encyclopedia of Telecommunications, Marcel Dekker, New York. CERT Coordination Center Report, vol. 15, pp. 231–255 (1997), http://www.cert.org/encyc_article/tocencyc.html
Marlowe, B.: You are Being Watched. ZDNet Magazine (December 1999)
Murch, Johnson: Intelligent software agents (1999)
Nwana, H.S.: Software agents: An overview, http://www.sce.carleton.ca/netmanage/docs/AgentsOverview/ao.html
Paulson, L.D.: Spike in phishing and malware a danger to it. IT Professional 7(3) (May/June 2005)
Shannon, C., Moore, D.: The spread of the witty worm. CAIDA analysis for the spread of Witty worm, http://www.caida.org/analysis/security/witty/
Sommers, J., Yegneswaran, V., Barford, P.: A framework for malicious workload generation. In: Internet Measurement Conference, Taormina, Sicily, Italy, October 25 - 27 (2004), http://www.cs.wisc.edu/~pb/mace_final.pdf
Spafford, E.: The internet worm program: An analysis. Technical Report CSD-TR-823, Purdue University (November 1988)
Staniford, S., Paxson, V., Weaver, N.: How to own the internet in your spare time. In: 11th Usenix Security Symposium, San Francisco (August 2002)
Weaver, N., Paxson, V., Staniford, S., Cunningham, R.: A taxonomy of internet worms, http://www.cs.berkeley.edu/~nweaver/papers/taxonomy.pdf
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gupta, K.K., Nath, B., Ramamohanarao, K., Kazi, A.U. (2006). Attacking Confidentiality: An Agent Based Approach. In: Mehrotra, S., Zeng, D.D., Chen, H., Thuraisingham, B., Wang, FY. (eds) Intelligence and Security Informatics. ISI 2006. Lecture Notes in Computer Science, vol 3975. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11760146_25
Download citation
DOI: https://doi.org/10.1007/11760146_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-34478-0
Online ISBN: 978-3-540-34479-7
eBook Packages: Computer ScienceComputer Science (R0)