Abstract
This paper presents an agent-based approach to Network Intrusion Prevention on corporate networks, emphasizing the protection from fast-spreading mobile malicious code outbreaks (e.g. worms) and related threats. Agents are not only used as a system-integration platform, but we use modern agent approaches to trust modeling and distributed task allocation to efficiently detect and also counter the attack by automatically created and deployed filters. The ability of the system to react autonomously, without direct human supervision, is crucial in countering the fast-spreading worms, that employ efficient scanning strategies to immediately spread farther once they infect a single host in the network.
This material is based upon work supported by the European Research Office of the US Army under Contract No. N62558-07-C-0001 and N62558-07-C-0007. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the European Research Office of the US Army. Also supported by Czech Ministry of Education grants 1M0567 and 6840770038.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Moore, D., Shannon, C., Voelker, G.M., Savage, S.: Internet quarantine: Requirements for containing self-propagating code. In: INFOCOM (2003)
Stallings, W.: Data and computer communications, 5th edn. Prentice-Hall Inc., Englewood Cliffs (1997)
Axelsson, S.: Intrusion detection systems: A survey and taxonomy. Technical Report 99-15, Chalmers Univ. (2000)
Rehak, M., Pechoucek, M.: Trust modeling with context representation and generalized identities. In: Klusch, M., Hindriks, K., Papazoglou, M.P., Sterling, L. (eds.) CIA 2007. LNCS(LNAI), pp. 298–312. Springer, Heidelberg (2007)
Fischer, K., Muller, J.P., Pischel, M., Schier, D.: A model for cooperative transportation scheduling. In: Proceedings of the First International Conference on Multiagent Systems, Menlo park, California, pp. 109–116. AAAI Press / MIT Press (1995)
Maes, P.: Computational reflection. Technical report 87-2, Free University of Brussels, AI Lab (1987)
Ertoz, L., Eilertson, E., Lazarevic, A., Tan, P.N., Kumar, V., Srivastava, J., Dokas, P.: Minds - minnesota intrusion detection system. In: Next Generation Data Mining, MIT Press, Cambridge (2004)
Rehak, M., Gregor, M., Pechoucek, M., Bradshaw, J.M.: Representing context for multiagent trust modeling. In: IAT 2006. IEEE/WIC/ACM Intl. Conf. on Intelligent Agent Technology, USA, pp. 737–746. IEEE Computer Society, Los Alamitos (2006)
Haffner, P., Sen, S., Spatscheck, O., Wang, D.: Acas: automated construction of application signatures. In: MineNet 2005. Proceeding of the 2005 ACM SIGCOMM workshop on Mining network data, pp. 197–202. ACM Press, New York (2005)
Rehák, M., Foltýn, L., Pěchouček, M., Benda, P.: Trust model for open ubiquitous agent systems. In: Intelligent Agent Technology, 2005. IEEE/WIC/ACM International Conference, vol. PR2416, IEEE, Los Alamitos (2005)
Duda, R.O., Hart, P.E., Stork, D.G.: Pattern Classification, 2nd edn. John Wiley & Sons, New York (2001)
Smith, R.G.: The contract net protocol: High level communication and control in a distributed problem solver. IEEE Transactions on Computers C-29, 1104–1113 (1980)
SNORT intrusion prevention system (2007) (accessed, January 2007), http://www.snort.org/
Keromytis, A.D., Parekh, J., Gross, P.N., Kaiser, G., Misra, V., Nieh, J., Rubenstein, D., Stolfo, S.: A holistic approach to service survivability. In: SSRS. Proceedings of the 2003 ACM Workshop on Survivable and Self-Regenerative Systems, pp. 11–22. ACM Press, New York (2003)
Sidiroglou, S., Keromytis, A.D.: Countering network worms through automatic patch generation. IEEE Security & Privacy 3, 41–49 (2005)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Rehák, M., Pěchouček, M., Tožička, J., Prokopová, M., Medvigy, D., Novotný, J. (2007). Agent-Based Network Protection Against Malicious Code. In: Burkhard, HD., Lindemann, G., Verbrugge, R., Varga, L.Z. (eds) Multi-Agent Systems and Applications V. CEEMAS 2007. Lecture Notes in Computer Science(), vol 4696. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75254-7_3
Download citation
DOI: https://doi.org/10.1007/978-3-540-75254-7_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-75253-0
Online ISBN: 978-3-540-75254-7
eBook Packages: Computer ScienceComputer Science (R0)