A Biological Immune System (BIS) inspired Mobile Agent Platform (MAP) security architecture
Introduction
In the present era, one of the emerging paradigms for structuring applications over the Internet is Mobile Agent technology, owing to characteristics such as autonomy, intelligence, adaptability and flexibility (Aneiba & Rees, 2004). It has been applied in many sectors, from network management to information management (Bieszczad et al., 1998; Satoh, 2003). It provides an infrastructure not only for executing autonomous agents but also for dispatching them between different computers. Thus, a mobile agent is not restricted to the platform where it was written or created; rather, it travels freely among different machines (Urra, Ilarri, Trillo, & Mena, 2009). Moreover, the agent suspends its computation at one platform, moves to another with its state, data and code, and resumes execution there (Eid, Artail, Kayssi, & Chehab, 2005). Autonomy and mobility are regarded as the cornerstones of the agent (Horvat, Cvetković, & Milutinović, 2001).
Although mobile agents bring many advantages to distributed computing, including reduced network load, tolerance of network latency, and dynamic, asynchronous and autonomous execution (Lange & Oshima, 1999), security alone is a massive problem that holds back their global acceptance.
- Mobile agents roving in a network bring with them the fear of viruses, Trojan horses and other invasive entities (Thomsen & Thomsen, 1997). Attacks can occur while the mobile agent traverses the communication channel, where attackers may eavesdrop on the network either to gain some of the information carried by the agent (passive attack) or to alter that information for their own benefit (active attack) (Oppliger, 1999).
- Likewise, even if a mobile agent is known to be benign, there is no assurance that the platform hosting it is not malicious: the platform may extract sensitive information from the agent, tamper with it, or even exploit it for malicious activities, since agent platforms have complete control over agents during execution (Jansen & Karygiannis, 1999).
The last decade has seen numerous efforts from researchers, as shown in Table 1, to provide techniques or models that overcome these security risks, but malicious mobile agents remain a hurdle to the wide deployment of Mobile Agent technology in distributed environments. In this paper, a self-adaptive IV-Phase security architecture is proposed that protects the Mobile Agent Platform (MAP) from malicious mobile agents. The architecture is inspired by the Biological Immune System (BIS), and its performance is evaluated using the metrics “False Negatives”, “False Positives”, “True Positives”, “True Negatives”, “Sensitivity Rate”, “Specificity Rate”, “Accuracy Rate”, “Miss Rate”, “Positive Predictive Value”, “Negative Predictive Value”, “Fall-out” and “Receiver Operating Characteristic - Area Under Curve”, employing a 5-fold cross-validation scheme on a large collection of non-malicious and malicious files.
In recent years, the Biological Immune System (BIS) has been the target of considerable research interest in the area of malicious detection, aiming for better performance. After carefully examining this potent natural mechanism, many computer scientists have proposed Artificial Immune System based computer models to solve problems ranging from malicious detection to combinatorial optimization and to clustering or classification (Hart and Timmis, 2008; Zheng et al., 2010). An Artificial Immune System based MAP protection was proposed earlier in (Venkatesan, Baskaran, Chellappan, Vaish, & Dhavachelvan, 2013) and achieved good results. However, its time complexity is quite high, and it does not prevent all attacks.
The BIS response generally begins when a “pathogen” (foreign substance) enters the biological structure (or body). The proteins on the surface of a pathogen are called “Antigens”; they trigger the immune system into producing antibodies (using B-plasma cells) specific to that antigen. The immune system has two types of response: primary and secondary. If the pathogen enters the body for the first time (the primary response), macrophages ingest it and display its antigen fragment on their cell surfaces. A macrophage carrying the antigen on its surface is called an “Antigen Presenting Cell” (APC). The APC then interacts with “T-helper cells”, which identify the antigen on its surface and memorize it, thus training the body for any further incursion by that antigen. This learning mechanism also creates the immune system's memory. If the antigen is not new (it has been seen before), the secondary response occurs: “B-cells” recognize the antigen and killer cells directly start to kill the pathogen, instead of the pathogen being processed once again by a macrophage (APC) (Venkatesan et al., 2013; Boudec and Sarafijanović, 2003). In designing the proposed architecture, the following principles, drawn from the study of immunology, are adhered to:
- The immune system is Diverse, i.e. different people are vulnerable to different microbes (Hunt & Cooke, 1996).
- The immune system is Adaptable, i.e. it learns how to distinguish new microbes as well as responds to those microbes and remembers them to assist future responses (Hofmeyr & Forrest, 2000).
- The immune system is Self-Protecting, i.e. it protects itself with the same mechanisms that protect the body.
These principles are regarded only as general guidelines for the design of the proposed architecture. Mimicking the Biological Immune System in all its details is not a primary concern; rather, the aim is to capture those aspects of the immune system that are most relevant to constructing a robust MAP security architecture. At a high level of abstraction, the mapping between the BIS and the BIS-inspired MAP protection is depicted in Figs. 1 and 2. In a mobile agent environment, the primary response corresponds to the activities of the Malicious Classifier (MC) on entry of an unknown mobile agent, whereas the secondary response corresponds to the actions of the Malicious Identification Scanner (MIS) in protecting the MAP against known malicious mobile agents.
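The primary/secondary split described above can be sketched as a two-stage admission check. This is an added example, not code from the paper: the `Platform` class, the SHA-256 digest memory and the byte 4-gram `toy_classifier` are assumptions, since the page does not state how MC or MIS decide, and the agent byte strings are constructed.

```python
import hashlib

# Constructed stand-in for the Malicious Classifier (MC): the page does not say
# how MC decides, so this toy flags bytecode containing any "bad" byte 4-gram.
BAD_NGRAMS = {b"\xde\xad\xbe\xef", b"exec"}

def toy_classifier(code: bytes) -> bool:
    return any(code[i:i + 4] in BAD_NGRAMS for i in range(len(code) - 3))

class Platform:
    """Two-stage admission modelled on the primary/secondary immune response."""

    def __init__(self, classifier=toy_classifier):
        self.classifier = classifier
        self.memory = set()          # digests of agents already judged malicious

    def admit(self, code: bytes) -> str:
        digest = hashlib.sha256(code).hexdigest()
        # Secondary response (MIS role): known malicious agent, no re-analysis.
        if digest in self.memory:
            return "rejected-secondary"
        # Primary response (MC role): an unknown agent is analysed in full.
        if self.classifier(code):
            self.memory.add(digest)  # learn, so the next arrival hits the scanner
            return "rejected-primary"
        return "admitted"

def demo():
    p = Platform()
    benign = b"\x01\x02collect-prices\x03"     # constructed sample agents
    hostile = b"\x01\x02\xde\xad\xbe\xef\x03"
    variant = hostile + b"\x00"                # one appended byte changes the digest
    return [p.admit(benign), p.admit(hostile), p.admit(hostile), p.admit(variant)]

if __name__ == "__main__":
    print(demo())
```

The last call shows the limit of an exact-match memory: a trivially modified agent misses the scanner and is only caught because the classifier runs again.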
The rest of the paper is organized as follows: Section 2 analyses previous research in related areas of Mobile Agent Platform security and identifies the current state of the art in security. Section 3 sheds light on the formalization of the proposed architecture and presents a formal classification of attacks in terms of attacker, agent platform components and security factors. Section 4 describes the materials and methods, which involve the dataset, evaluation measures and proposed security architecture. Section 5 deals with the implementation details and discusses the experimental results and their analysis, comparing the proposed architecture with existing related schemes. Finally, some conclusions are stated in Section 6 along with directions for future work.
Section snippets
Analysis of previous researches
Over the years, considerable research has been done on securing the agent platform against malicious mobile agents. This section analyses the various detection and prevention approaches proposed and developed so far.
The sandboxing technique (or software-based isolation) provides an isolated environment (a restricted area) for the execution of untrusted mobile agents (Wahbe, Lucco, Anderson, & Graham, 1994). This isolation bars the mobile agent from performing specific
Formalization of Attacks on MAP
As discussed in the previous section, the protection of the MAP is still an open research concern because of various security attacks. In this section, the attacks that the proposed architecture is intended to resolve are formalized and classified.
The “Attacks on Mobile Agent Platform” are formally expressed as: “ means the attacker “X” performs an attack on agent platform “P”, which affects “PC” component of agent platform and compromises the factor “Z” of security”.
Materials & methods
The prime requirement for every MAS application is that each co-operating platform in the distributed system should provide support for executing mobile agents. However, these platforms are vulnerable to attack by malicious agents carrying illegal code, such as
- Excessive consumption of computing resources such as CPU time and disk space by malicious agents, thereby limiting the availability of those resources to other legitimate platform users (Karnik & Tripathi, 2001).
- The resources and services
Results and discussions
The proposed security architecture is implemented in the IBM Aglet server, using the Java language, on a machine with 4 GB RAM and a 2.50 GHz Core i5 processor.
To prevent vulnerabilities arising from the absence of authentication, a nonce-based authentication is performed. The nonce is used to assure that a particular mobile agent is not sent by the agent owner or a masquerader more than once (Kaufman, Perlman, & Speciner, 2002). The Rivest-Shamir-Adleman (RSA) is used for
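The nonce check described above, which refuses a mobile agent that arrives a second time, can be sketched as a platform-side registry. This is an added example, not the paper's implementation: the `NonceRegistry` class, the issue timestamp and the 300-second validity window are assumptions, and it presumes the owner identity, nonce and timestamp have already been authenticated by the platform.

```python
import time

class NonceRegistry:
    """Platform-side record of nonces already presented by each agent owner."""

    def __init__(self, max_age=300.0, clock=time.time):
        self.max_age = max_age      # seconds a nonce stays valid (assumed policy)
        self.clock = clock
        self.seen = {}              # (owner, nonce) -> issue timestamp

    def _evict(self, now):
        # Entries older than max_age are also refused by the freshness check,
        # so dropping them bounds memory without reopening replay.
        for key in [k for k, ts in self.seen.items() if now - ts > self.max_age]:
            del self.seen[key]

    def check(self, owner: str, nonce: str, issued_at: float) -> str:
        now = self.clock()
        self._evict(now)
        if issued_at > now or now - issued_at > self.max_age:
            return "stale"          # outside the window: cannot be tracked safely
        if (owner, nonce) in self.seen:
            return "replay"         # same agent dispatched a second time
        self.seen[(owner, nonce)] = issued_at
        return "fresh"

def demo():
    t = [1000.0]                    # constructed clock so the run is repeatable
    reg = NonceRegistry(max_age=300.0, clock=lambda: t[0])
    out = [reg.check("alice", "n-1", 1000.0)]       # first arrival
    out.append(reg.check("alice", "n-1", 1000.0))   # resent by owner or masquerader
    out.append(reg.check("bob", "n-1", 1000.0))     # same nonce, different owner
    t[0] = 1400.0
    out.append(reg.check("alice", "n-1", 1000.0))   # resent after the window
    out.append(len(reg.seen))                       # expired entries were evicted
    return out

if __name__ == "__main__":
    print(demo())
```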
Conclusions and future work
Malicious mobile agents roving in the distributed network pose a serious threat to Mobile Agent Platforms. This paper proposes a new MAP security architecture inspired by a Biological Immune System. Agent owner verification, agent byte code integrity checking and RBAC policy file checking serve as the prime criteria for identifying a malicious agent. But an agent from an authorized owner can also cause harm to the MAP with its malicious contents. With the aim to assist
References (68)
- Mobile agents and Java mobile agents toolkits. Telecommunication Systems (2001)
- Countermeasures for mobile agent security. Computer communications, Special Issue on Advanced Security Techniques for Network Protection (2000)
- Learning API usages from bytecode: A statistical approach
- CBM: Free, automatic malware analysis framework using API call sequences
- N-gram-based detection of new malicious code
- Detection of new malicious code using N-grams signatures (2004)
- An overview of security issues and techniques in mobile agents. In Proceedings of the 8th IFIP TC-6 TC-11 Conference on Communications and Multimedia Security (CMS’04) (2004)
- Mobile agents technology and mobility
- Mobile agents for network management. IEEE Communication Surveys (1998)
- An artificial immune system approach to misbehavior detection in mobile ad hoc networks. Biologically Inspired Approaches to Advanced Information Technology, LNCS (2004)
- A security framework for a mobile agent system
- Path-history-based access control model for mobile agents. International Journal of Parallel, Emergent and Distributed Systems
- N-gram-based text categorization
- Episode based masquerade detection. ICISS 2005, LNCS
- Trends in mobile agent applications. Journal of Research and Practice in Information Technology
- Half-dynamic classification method on obfuscated malicious javascript detection. International Journal of Security and its Applications
- Security for mobile agents: Authentication and state appraisal. Lectures on Computer Security - ESORICS 96, LNCS
- A study using n-gram features for text categorization. Technical Report, OEFAI-TR-9830
- Data mining: Concepts and techniques
- Application areas of AIS: The past, the present and the future. Applied Soft Computing
- On mobile code security
- Architecture for an artificial immune system. Evolutionary Computation
- Learning using an artificial immune system. Journal of Network and Computer Applications
- Security of mobile agent platforms using access control and cryptography
- Byte level n-Gram analysis for malware detection. Communications in Computer and Information Science
- NIST special publication 800-19 – mobile agent security
- Text categorization with support vector machines: Learning with many relevant features. Machine Learning
- Security in mobile agents systems. PhD Dissertation, department of computer sciences and engineering
- Security in the Ajanta mobile agent system. Software - Practice and Experience
- Network security – private communication in the public world
- Comparative study of supervised learning methods for malware analysis. Journal of Telecommunications and Information Technology
- Seven good reasons for mobile agents. Communications of the ACM