Abstract
The increasing complexity and variety of network threats have made the integration and cooperation of multiple security monitoring technologies necessary in network security defense. However, most existing work has focused on particular monitoring technologies such as intrusion detection, and integrated security monitoring systems have received little study. In this paper, a novel formal model called MCSM (Multi-agent Cooperation model for Security Monitoring based on knowledge) is proposed. In MCSM, integrated security monitoring is modeled as an FSA (Finite State Automaton) driven by multiple agents, and a general knowledge structure shared by those agents is constructed. Based on MCSM, we have developed an IMS (Integrated Monitoring System) called ACT-BroSA (Broad-spectrum security Scan and Analysis system). Experimental results show that the integrated monitoring capability is significantly improved.
This work is supported by the Program for New Century Excellent Talents in University.
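To make the abstract's central idea concrete, the following is an added illustration (not code from the paper or from ACT-BroSA) of what "monitoring modeled as an FSA driven by multiple agents over a shared knowledge structure" can look like. The agent names (scanner, ids, firewall), the per-host states, the transition table and the knowledge layout are all assumptions chosen for the example; the point shown is that a transition is taken only when the triggering agent's event is consistent with what other agents have already written into the shared knowledge base, so a lone IDS alert on a host the scanner never reported does not escalate, while a matching alert does.

```python
"""Hypothetical multi-agent monitoring automaton (example, not the MCSM model itself)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set, Tuple


@dataclass(frozen=True)
class Event:
    agent: str        # monitoring agent that produced it: "scanner", "ids" or "firewall" (assumed names)
    kind: str         # event type: "open_service", "alert" or "blocked" (assumed vocabulary)
    host: str
    detail: str = ""  # service name, IDS signature, or firewall action


@dataclass
class Knowledge:
    """Shared knowledge structure read and written by every agent (hypothetical layout)."""
    services: Dict[str, Set[str]] = field(default_factory=dict)   # host -> services seen by the scanner
    alerts: Dict[str, List[str]] = field(default_factory=dict)    # host -> IDS signatures, in order
    blocked: Set[str] = field(default_factory=set)                # hosts the firewall agent has blocked

    def record(self, ev: Event) -> None:
        if ev.kind == "open_service":
            self.services.setdefault(ev.host, set()).add(ev.detail)
        elif ev.kind == "alert":
            self.alerts.setdefault(ev.host, []).append(ev.detail)
        elif ev.kind == "blocked":
            self.blocked.add(ev.host)


Guard = Callable[[Knowledge, Event], bool]


def alert_matches_known_service(kb: Knowledge, ev: Event) -> bool:
    """Cooperation guard: an IDS alert escalates only if its signature names a service
    the scanner agent already reported on that host (e.g. 'ftp-brute' against 'ftp')."""
    return any(ev.detail.startswith(svc) for svc in kb.services.get(ev.host, ()))


def alert_was_recorded(kb: Knowledge, ev: Event) -> bool:
    return ev.host in kb.alerts


class MonitorFSA:
    """Per-host finite state automaton whose transitions are fired by agent events
    and guarded by the shared knowledge base."""
    STATES = ("idle", "exposed", "attacked", "contained")

    def __init__(self) -> None:
        self.kb = Knowledge()
        self.host_state: Dict[str, str] = {}
        self.history: List[Tuple[str, str, str, str, str]] = []  # (host, from, agent, kind, to)
        # (current state, agent, event kind) -> (guard, next state)
        self.table: Dict[Tuple[str, str, str], Tuple[Guard, str]] = {
            ("idle", "scanner", "open_service"): (lambda kb, ev: True, "exposed"),
            ("exposed", "ids", "alert"): (alert_matches_known_service, "attacked"),
            ("attacked", "firewall", "blocked"): (alert_was_recorded, "contained"),
        }

    def state_of(self, host: str) -> str:
        return self.host_state.get(host, "idle")

    def feed(self, ev: Event) -> str:
        self.kb.record(ev)  # every agent's observation lands in shared knowledge first
        cur = self.state_of(ev.host)
        entry = self.table.get((cur, ev.agent, ev.kind))
        if entry is not None:
            guard, nxt = entry
            if guard(self.kb, ev):
                self.history.append((ev.host, cur, ev.agent, ev.kind, nxt))
                self.host_state[ev.host] = nxt
        return self.state_of(ev.host)


def run_scenario(events: List[Event]) -> MonitorFSA:
    fsa = MonitorFSA()
    for ev in events:
        fsa.feed(ev)
    return fsa


# Constructed sample event stream (not data from the paper).
SAMPLE_EVENTS = [
    Event("scanner", "open_service", "10.0.0.5", "ftp"),
    Event("ids", "alert", "10.0.0.9", "ftp-brute"),    # host never scanned: no transition from idle
    Event("ids", "alert", "10.0.0.5", "http-sqli"),    # no http service known on this host: guard fails
    Event("ids", "alert", "10.0.0.5", "ftp-brute"),    # matches the scanner's knowledge: escalates
    Event("firewall", "blocked", "10.0.0.5", "drop 10.0.0.5:21"),
]

if __name__ == "__main__":
    fsa = run_scenario(SAMPLE_EVENTS)
    for step in fsa.history:
        print(step)
    print({h: fsa.state_of(h) for h in ("10.0.0.5", "10.0.0.9")})
```

Running the sample stream takes 10.0.0.5 through idle, exposed, attacked and contained in three transitions, while 10.0.0.9 stays idle because no other agent's knowledge corroborates its alert. In a real integrated monitor the guards would be the place to encode each agent's trust and the correlation rules between them.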
© 2006 Springer-Verlag Berlin Heidelberg
Cite this paper
Li, X., Liu, L. (2006). A Multi-agent Cooperative Model and System for Integrated Security Monitoring. In: Pointcheval, D., Mu, Y., Chen, K. (eds) Cryptology and Network Security. CANS 2006. Lecture Notes in Computer Science, vol 4301. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11935070_23
DOI: https://doi.org/10.1007/11935070_23
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-49462-1
Online ISBN: 978-3-540-49463-8