A Multi-agent Cooperative Model and System for Integrated Security Monitoring

  • Conference paper
Cryptology and Network Security (CANS 2006)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 4301)

Abstract

The increasing complexity of network threats has made the integration and cooperation of multiple security monitoring technologies necessary in network security defense. However, most existing work has focused on particular monitoring technologies such as intrusion detection, and studies of integrated security monitoring systems are quite insufficient. In this paper, a novel formal model called MCSM (Multi-agent Cooperation model for Security Monitoring based on knowledge) is proposed. In MCSM, integrated security monitoring is modeled as an FSA (Finite State Automaton) with multiple agents, and a general knowledge structure for multiple agents is constructed. We have successfully developed an IMS (Integrated Monitoring System) called ACT-BroSA (Broad-spectrum security Scan and Analysis system) based on MCSM. Experimental results show that the integrated monitoring capability is significantly improved.

This work is supported by Program for New Century Excellent Talents in University.

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Li, X., Liu, L. (2006). A Multi-agent Cooperative Model and System for Integrated Security Monitoring. In: Pointcheval, D., Mu, Y., Chen, K. (eds) Cryptology and Network Security. CANS 2006. Lecture Notes in Computer Science, vol 4301. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11935070_23

  • DOI: https://doi.org/10.1007/11935070_23

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-49462-1

  • Online ISBN: 978-3-540-49463-8

  • eBook Packages: Computer Science, Computer Science (R0)
