CONFIDANT: Collaborative Object Notification Framework for Insider Defense using Autonomous Network Transactions

Published in Autonomous Agents and Multi-Agent Systems

Abstract

File integrity analyzers serve as a component of an intrusion detection environment by inspecting the filesystem to verify the content of security-critical files and detect suspicious modification. Existing file integrity frameworks exhibit single-point-of-failure exposures. The Collaborative Object Notification Framework for Insider Defense using Autonomous Network Transactions (CONFIDANT) aims to provide fail-safe and trusted detection of unauthorized modifications to executable, data, and configuration files. In this paper, an IDS architecture taxonomy is proposed to classify CONFIDANT and compare it with existing frameworks. The CONFIDANT file integrity verification framework is then defined and evaluated. CONFIDANT utilizes three echelons of agent interaction and four autonomous behaviors. Sensor agents in the lowest echelon make up the sensor level; they compute MD5 digests of the monitored files and deliver an assured report of those digests to companion agents. At the control level, beacon agents verify file integrity against the digests assembled from sensor-level agents over time. Upper-echelon transactions occur at the response level, where watchdog-behavior agents dispatch probe agents to carry out the alarm signaling protocol. CONFIDANT has been implemented in the Concordia agent environment to evaluate and refine its agent behaviors. Evaluation shows that CONFIDANT mitigates the single-point-of-failure exposures present in existing frameworks.
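The three echelons described in the abstract, as an added example that is neither the paper's code nor its Concordia implementation: a sensor digests the monitored files and emits an authenticated report, a beacon diffs each report against the baseline it assembled from that sensor's first report, and a watchdog dispatches a probe (reduced here to an alarm record) both when a beacon reports tampering and when a sensor stops reporting, which is the single-point-of-failure case a lone integrity checker cannot cover. The in-memory filesystem, the per-sensor keys and the HMAC-plus-sequence-number construction used for the "assured report" are constructed assumptions for this illustration, not details taken from the paper. MD5 is kept only to match the abstract; MD5 collisions are practical, so a deployment today would pass "sha256".

```python
import hashlib
import hmac

# Constructed in-memory "filesystem" standing in for the real monitored files.
SAMPLE_FS = {
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
    "/etc/ssh/sshd_config": b"PermitRootLogin no\nPasswordAuthentication no\n",
    "/usr/sbin/sshd": b"\x7fELF-constructed-binary-stand-in",
}
# Hypothetical per-sensor keys shared with the beacon (a deployment would provision
# them out of band; they are hard-coded only so the example runs offline).
SENSOR_KEYS = {"sensor-1": b"constructed-key-1", "sensor-2": b"constructed-key-2"}


def compute_digests(fs, algorithm="md5"):
    """Sensor level: digest every monitored file. MD5 follows the paper; a new
    deployment would pass "sha256", since MD5 collisions are practical."""
    return {p: hashlib.new(algorithm, d).hexdigest() for p, d in sorted(fs.items())}


def _canonical(sensor_id, seq, digests):
    # One serialisation shared by sensor and beacon so the tag covers every field.
    return f"{sensor_id}|{seq}|" + "|".join(f"{p}={d}" for p, d in sorted(digests.items()))


def sensor_report(sensor_id, fs, seq, algorithm="md5"):
    """Digests plus a sequence number and HMAC tag, so the beacon can refuse forged
    or replayed reports (our stand-in for the paper's 'assured report')."""
    digests = compute_digests(fs, algorithm)
    msg = _canonical(sensor_id, seq, digests).encode()
    tag = hmac.new(SENSOR_KEYS[sensor_id], msg, "sha256").hexdigest()
    return {"sensor": sensor_id, "seq": seq, "digests": digests, "tag": tag}


class Beacon:
    """Control level: a sensor's first accepted report (taken on a known-good
    host) is its baseline; every later report is diffed against it."""

    def __init__(self):
        self.baseline = {}  # sensor_id -> {path: digest}
        self.last_seq = {}  # sensor_id -> highest accepted seq (replay guard)

    def verify(self, report):
        sid = report["sensor"]
        msg = _canonical(sid, report["seq"], report["digests"]).encode()
        expected = hmac.new(SENSOR_KEYS.get(sid, b""), msg, "sha256").hexdigest()
        if not hmac.compare_digest(expected, report["tag"]):
            return {"status": "REJECTED", "reason": "bad report signature"}
        if report["seq"] <= self.last_seq.get(sid, -1):
            return {"status": "REJECTED", "reason": "replayed report"}
        self.last_seq[sid] = report["seq"]
        base, cur = self.baseline.setdefault(sid, report["digests"]), report["digests"]
        diff = {
            "modified": sorted(p for p in base if p in cur and cur[p] != base[p]),
            "deleted": sorted(p for p in base if p not in cur),
            "added": sorted(p for p in cur if p not in base),
        }
        return {"status": "TAMPERED" if any(diff.values()) else "OK", **diff}


class Watchdog:
    """Response level: dispatches a probe (here, an alarm record) when a beacon
    reports tampering and, separately, when a sensor misses its report, so that
    killing a sensor cannot mute detection."""

    def __init__(self, expected_sensors, max_silence=0):
        self.expected = sorted(expected_sensors)
        self.max_silence = max_silence  # ticks a sensor may go without reporting
        self.last_seen = {}

    def patrol(self, tick, beacon_results):
        for s in beacon_results:  # any report, accepted or not, proves the sensor spoke
            self.last_seen[s] = tick
        alarms = [{"probe_target": s, "reason": "sensor silent"} for s in self.expected
                  if tick - self.last_seen.get(s, float("-inf")) > self.max_silence]
        for s, r in sorted(beacon_results.items()):
            if r["status"] == "TAMPERED":
                detail = ", ".join(f"{k}={v}" for k, v in r.items() if k != "status" and v)
                alarms.append({"probe_target": s, "reason": "tampered: " + detail})
            elif r["status"] == "REJECTED":
                alarms.append({"probe_target": s, "reason": r["reason"]})
        return alarms


def run_scenario():
    """Constructed scenario: clean baseline, then sshd_config edited on host 1,
    then sensor-2 killed so it never reports again. Returns {tick: alarms}."""
    beacon, dog = Beacon(), Watchdog(SENSOR_KEYS)
    hosts = {"sensor-1": dict(SAMPLE_FS), "sensor-2": dict(SAMPLE_FS)}

    def tick(t, reporting):
        results = {s: beacon.verify(sensor_report(s, hosts[s], t)) for s in reporting}
        return dog.patrol(t, results)

    out = {0: tick(0, ["sensor-1", "sensor-2"])}  # clean baselines
    hosts["sensor-1"]["/etc/ssh/sshd_config"] = b"PermitRootLogin yes\n"
    out[1] = tick(1, ["sensor-1", "sensor-2"])  # host 1 tampered, both sensors alive
    out[2] = tick(2, ["sensor-1"])  # sensor-2 has been killed
    return out
```

Running `run_scenario()` yields no alarm at tick 0, a single tampering probe for sensor-1 at tick 1, and at tick 2 both the continuing tampering probe and a "sensor silent" probe for sensor-2, the case in which a single-host checker whose sensor process was killed would simply go quiet. The baseline is only as trustworthy as the host it was taken on, and the watchdog's silence window should be set from the sensors' actual reporting interval rather than the zero used here.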

Corresponding author

Correspondence to Adam J. Rocke.

Additional information

Supported in part by National Security Agency subcontract MDA904-99-C-2642.

Cite this article

Rocke, A.J., DeMara, R.F. CONFIDANT: Collaborative Object Notification Framework for Insider Defense using Autonomous Network Transactions. Auton Agent Multi-Agent Syst 12, 93–114 (2006). https://doi.org/10.1007/s10458-005-4195-6
