Elsevier

Expert Systems with Applications

Volume 72, 15 April 2017, Pages 269-282

A Biological Immune System (BIS) inspired Mobile Agent Platform (MAP) security architecture

https://doi.org/10.1016/j.eswa.2016.10.062

Highlights

  • A self-adaptive IV-phase Mobile Agent Platform Security Architecture is proposed.

  • Use of nonce-based authentication strengthens the agent owner verification.

  • Exact pattern matching algorithm detects known malicious mobile agents.

  • N-gram features based classification detects unknown malicious mobile agents.

  • Use of feature selection methods improves the classification accuracy.

Abstract

The proliferation of malicious entities in the distributed environment poses serious threats to the protection of the Mobile Agent Platform (MAP). Numerous solutions have been proposed to ward off the inherent security risks, but they are not enough to identify and remove all the vulnerabilities. In this paper, a self-adaptive IV-Phase MAP Security Architecture is proposed, which is inspired by the Biological Immune System, with the prime objective of detecting unknown malicious mobile agents. In this context, data mining methods are studied for the detection of unknown malicious executables. In particular, the Boyer Moore pattern matching algorithm and N-gram feature analysis of the mobile agent using a k-Nearest Neighbor classifier facilitate the discovery of known and unknown malicious content in incoming mobile agents, and the architecture protects against the Man In The Middle (MITM) attack, the Masquerading attack, the Replay attack, the Repudiation attack and the Unauthorized Access attack. The architecture is designed and implemented in IBM Aglets. A comprehensive 5-fold cross validation scheme on a large collection of malicious and non-malicious files is performed for the classification technique involving the feature selection method. The experimental outcomes show that the performance (time and security) and accuracy of the proposed architecture exceed those of the earlier known related schemes, making the proposed architecture suitable for MAP protection in the Mobile Agent Environment (MAE). Above all, these findings are novel, since the concept of machine learning has never been employed so far in the sphere of Mobile Agent Systems (MAS). Hence the proposed work is likely to be of great interest to researchers who deal with MAS security.

Introduction

In the present era, one of the emerging paradigms for structuring applications over the Internet is Mobile Agent technology, owing to characteristics such as autonomy, intelligence, adaptability and flexibility (Aneiba & Rees, 2004). It has been used in many sectors, from network management to information management (Bieszczad et al., 1998, Satoh, 2003). It provides an infrastructure not only for executing autonomous agents but also for dispatching them between different computers. Thus, a mobile agent is not restricted to the platform where it is written or created; rather, it travels freely among different machines (Urra, Ilarri, Trillo, & Mena, 2009). Moreover, the agent suspends its computations at one platform, moves to another with its state, data and code, and resumes execution there (Eid, Artail, Kayssi, & Chehab, 2005). Autonomy and mobility are underlined as a cornerstone of the agent (Horvat, Cvetković, & Milutinović, 2001).

Although mobile agents bring many advantages to distributed computing, including network load reduction, overcoming network latency, and dynamic, asynchronous and autonomous execution (Lange & Oshima, 1999), security alone is a massive problem that hinders their global acceptance.

  • Mobile agents roving in a network bring with them the fear of viruses, Trojan horses and other invasive entities (Thomsen & Thomsen, 1997). Attacks can occur while the mobile agent traverses the communication channel, where attackers may be eavesdropping on the network either to gain some of the information carried by the agent (passive attack) or to alter that information for their own benefit (active attack) (Oppliger, 1999).

  • Likewise, even if a mobile agent is known to be benign, it can never be assured whether the platform hosting it is malicious. Such a platform may extract sensitive information from the agent, corrupt it, or even exploit it for malicious activities, since agent platforms have complete control over the agents during execution (Jansen & Karygiannis, 1999).

The last decade has seen numerous efforts from researchers, as shown in Table 1, providing techniques or models to overcome security risks, but malicious mobile agents still stand as a hurdle to the wide deployment of Mobile Agent technology in a distributed environment. In this paper, a self-adaptive IV-Phase security architecture is proposed, protecting the Mobile Agent Platform (MAP) from malicious mobile agents. The architecture is inspired by the Biological Immune System (BIS), and its performance is evaluated using metrics such as “False Negatives”, “False Positives”, “True Positives”, “True Negatives”, “Sensitivity Rate”, “Specificity Rate”, “Accuracy Rate”, “Miss Rate”, “Positive Predictive Value”, “Negative Predictive Value”, “Fall-out” and “Receiver Operating Characteristic - Area Under Curve”, employing a 5-fold cross validation scheme on a large collection of non-malicious and malicious files.

In recent years, the Biological Immune System (BIS) has been the target of considerable research interest in the area of malicious code detection, aiming for better performance. After examining this potent natural mechanism closely, many computer scientists have proposed Artificial Immune System based computer models to solve problems ranging from malicious code detection to combinatorial optimization and to clustering or classification (Hart and Timmis, 2008, Zheng et al., 2010). An Artificial Immune System based MAP protection was earlier proposed in (Venkatesan, Baskaran, Chellappan, Vaish, & Dhavachelvan, 2013), and achieved good results. However, its time complexity is quite high. Moreover, it does not prevent all the attacks.

The BIS response generally begins when a “pathogen” (foreign substance) enters the biological structure (or body). The proteins on the surface of a pathogen are called “antigens”; they trigger the immune system into producing antibodies (using B-plasma cells) specific to that antigen. The immune system has two types of response: primary and secondary. If the pathogen enters the body for the first time (the primary response occurs), the macrophages ingest it and display its antigen fragment on their cell surfaces. A macrophage carrying the antigen on its surface is called an “Antigen Presenting Cell” (APC). The APC then interacts with “T-helper cells”, which identify the antigen on the surface and memorize it, thus training the body for any further incursion by that antigen. This learning mechanism also creates the immune system's memory. If the antigen is not unique (or has been seen before), i.e. the secondary response occurs, then “B-cells” recognize the antigen and killer cells directly start to kill the pathogen instead of the pathogen being processed once again by a macrophage (APC) (Venkatesan et al., 2013, Boudec and Sarafijanović, 2003). In designing the proposed architecture, the following principles, extracted from the study of immunology, are adhered to:

  • The immune system is Diverse, i.e. different people are vulnerable to different microbes (Hunt & Cooke, 1996).

  • The immune system is Adaptable, i.e. it learns how to distinguish new microbes as well as responds to those microbes and remembers them to assist future responses (Hofmeyr & Forrest, 2000).

  • The immune system is Self-Protecting, i.e. it protects itself with the same mechanisms that protect the body.

These principles are regarded only as general guidelines for the design of the proposed architecture. Mimicking the Biological Immune System in all its details is not a primary concern; rather, the aim is to capture those aspects of the immune system that are most relevant to constructing a robust MAP Security Architecture. At a high level of abstraction, the mapping between BIS and BIS inspired MAP protection is depicted in Figs. 1 and 2. In a Mobile Agent Environment, the primary response corresponds to the activities of the Malicious Classifier (MC) on entry of an unknown mobile agent, whereas the secondary response corresponds to the actions of the Malicious Identification Scanner (MIS) to protect the MAP against known malicious mobile agents.

The rest of the paper is organized as follows: Section 2 analyses previous research in related areas of Mobile Agent Platform security and identifies the current state of the art in security. Section 3 sheds light on the formalization of the proposed architecture and presents a formal classification of attacks in terms of attacker, agent platform components and security factors. Section 4 describes the materials and methods, which involve the dataset, evaluation measures and the proposed security architecture. Section 5 deals with the implementation details and discusses the experimental and constructed result analyses of the proposed architecture against the existing related schemes. Finally, some conclusions are stated in Section 6 along with directions for future work.
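The two responses described above can be sketched as follows. This is an added example, not the paper's code: the `Platform` class, the toy byte strings, bigram profiles with cosine distance, the bad-character-only Boyer-Moore variant and the choice to remember a rejected agent's whole byte string as a new signature are all assumptions made for illustration.

```python
import math
from collections import Counter

def boyer_moore_find(text: bytes, pat: bytes) -> int:
    """Exact match, Boyer-Moore with the bad-character rule only; index or -1."""
    m, n = len(pat), len(text)
    if m == 0:
        return 0
    last = {b: i for i, b in enumerate(pat)}      # rightmost index of each byte
    s = 0
    while s <= n - m:
        j = m - 1
        while j >= 0 and pat[j] == text[s + j]:   # compare right to left
            j -= 1
        if j < 0:
            return s
        s += max(1, j - last.get(text[s + j], -1))
    return -1

def ngram_profile(code: bytes, n: int = 2) -> Counter:
    return Counter(code[i:i + n] for i in range(len(code) - n + 1))

def cosine_distance(a: Counter, b: Counter) -> float:
    dot = sum(a[g] * b[g] for g in a.keys() & b.keys())
    norm = math.sqrt(sum(v * v for v in a.values()) * sum(v * v for v in b.values()))
    return 1.0 - (dot / norm if norm else 0.0)

def knn_is_malicious(agent: bytes, training, k: int = 3) -> bool:
    prof = ngram_profile(agent)
    nearest = sorted(training, key=lambda t: cosine_distance(prof, ngram_profile(t[0])))[:k]
    return 2 * sum(label for _, label in nearest) > k   # majority vote, 1 = malicious

class Platform:
    def __init__(self, signatures, training):
        self.signatures = list(signatures)   # "immune memory" of known malicious patterns
        self.training = list(training)       # (byte code, label) pairs

    def admit(self, agent: bytes) -> str:
        for sig in self.signatures:          # secondary response: known pattern (MIS)
            if boyer_moore_find(agent, sig) >= 0:
                return "rejected:known"
        if knn_is_malicious(agent, self.training):   # primary response: unknown agent (MC)
            self.signatures.append(agent)    # assumption: remember the whole agent
            self.training.append((agent, 1))
            return "rejected:unknown"
        return "admitted"

# Constructed toy "byte code"; real input would be the agent's class bytes.
TRAINING = [(b"XYXYXYXQ", 1), (b"XYXYZZXY", 1), (b"QXYXYXYX", 1),
            (b"ababcabab", 0), (b"cdcdabab", 0), (b"ababcdcd", 0)]
```

An agent rejected by the classifier on first contact is caught by the exact-match scan on any later attempt, which is the memory effect the immune analogy describes.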

Section snippets

Analysis of previous researches

Over the years, considerable research has been done on securing the agent platform against malicious mobile agents. This section analyses the various detection and prevention approaches proposed and developed so far.

Sandboxing technique (or Software-based isolation) is proposed as an isolated environment (a restricted area) for the execution of distrusted mobile agents (Wahbe, Lucco, Anderson, & Graham, 1994). This isolation bars the mobile agent from performing specific

Formalization of Attacks on MAP

As discussed in the previous section, the protection of the MAP is still an area of concern for research due to various security attacks. In this section, the attacks that the proposed architecture is meant to resolve are formalized and classified.

The “Attacks on Mobile Agent Platform” are formally expressed as: “Attack={X,P,PC,Z} means the attacker “X” performs an attack on agent platform “P”, which affects “PC” component of agent platform and compromises the factor “Z” of security”.

Materials & methods

The prime requirement for every MAS application is that each co-operating platform in the distributed system should provide support for executing mobile agents. However, these platforms are vulnerable to system attacks by malicious agents carrying illegal code, such as

  • Excessive exhaustion of computing assets like CPU time and disk space caused by malicious agents, thereby limiting the benefits of those assets to other legitimate platform users (Karnik & Tripathi, 2001).

  • The resources and services

Results and discussions

The proposed security architecture is implemented in the IBM Aglet server, using the Java language, on a machine with 4 GB RAM and a 2.50 GHz Core i5 processor.

To prevent vulnerabilities arising from the absence of authentication, nonce-based authentication is performed. The nonce is used to assure that a particular mobile agent is not sent by the agent owner or a masquerader more than once (Kaufman, Perlman, & Speciner, 2002). The Rivest Shamir Adleman (RSA) is used for
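A platform-side nonce check of the kind described above, as an added example that is not the paper's implementation. The page names RSA but its role is cut off here, so this sketch substitutes a shared-key HMAC-SHA256 tag for the owner's proof; the message layout, the timestamp window used to bound the nonce cache, and all names are assumptions.

```python
import hashlib
import hmac
import secrets
import time

def sign(key: bytes, owner: str, nonce: bytes, ts: int, code: bytes) -> bytes:
    """Tag binding owner, nonce, timestamp and agent code (length-prefixed fields)."""
    parts = (owner.encode(), nonce, str(int(ts)).encode(), hashlib.sha256(code).digest())
    msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

def issue(key: bytes, owner: str, code: bytes, ts: int):
    """Owner side: a fresh random nonce per dispatch, plus the tag over it."""
    nonce = secrets.token_bytes(16)
    return nonce, sign(key, owner, nonce, ts, code)

class OwnerVerifier:
    """Platform side: accept each (owner, nonce) pair at most once."""
    def __init__(self, owner_keys: dict, max_age: int = 300):
        self.owner_keys = owner_keys      # owner id -> key (stand-in for a public key)
        self.max_age = max_age            # assumption: freshness window in seconds
        self.seen = {}                    # (owner, nonce) -> timestamp

    def verify(self, owner, nonce, ts, code, tag, now=None) -> str:
        now = time.time() if now is None else now
        key = self.owner_keys.get(owner)
        if key is None:
            return "reject:unknown-owner"
        if not hmac.compare_digest(sign(key, owner, nonce, ts, code), tag):
            return "reject:bad-tag"       # masquerader or modified agent code
        if abs(now - ts) > self.max_age:
            return "reject:stale"
        if (owner, nonce) in self.seen:
            return "reject:replay"        # same agent presented a second time
        # Entries older than the window can be dropped: a replay of them is stale.
        self.seen = {k: t for k, t in self.seen.items() if now - t <= self.max_age}
        self.seen[(owner, nonce)] = ts
        return "accept"
```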

Conclusions and future work

The malicious mobile agents roving in the distributed network pose a serious threat to Mobile Agent Platforms. This paper proposes a new MAP security architecture which is inspired by a Biological Immune System. The use of agent owner verification, agent byte code integrity checking and RBAC policy file checking serves as the prime criterion for identifying a malicious agent. But an agent from an authorized owner can also cause harm to the MAP with its malicious contents. With the aim to assist

References (68)

  • C. Bryce. A security framework for a mobile agent system.
  • C. Cao et al. Path-history-based access control model for mobile agents. International Journal of Parallel, Emergent and Distributed Systems (2006).
  • W.B. Cavnar et al. N-gram-based text categorization.
  • S.K. Dash et al. Episode based masquerade detection. ICISS 2005, LNCS (2005).
  • M. Eid et al. Trends in mobile agent applications. Journal of Research and Practice in Information Technology (2005).
  • Z. Fang et al. Half-dynamic classification method on obfuscated malicious javascript detection. International Journal of Security and its Applications (2015).
  • W.M. Farmer et al. Security for mobile agents: Authentication and state appraisal. Lectures on Computer Security - ESORICS 96, LNCS (1996).
  • Faro, S., & Lecroq, T. (2010). The exact string matching problem: A comprehensive experimental evaluation, Report...
  • J. Fürnkranz. A study using n-gram features for text categorization. Technical Report, OEFAI-TR-9830 (1998).
  • J. Han. Data mining: Concepts and techniques (2000).
  • E. Hart et al. Application areas of AIS: The past, the present and the future. Applied Soft Computing (2008).
  • M. Hefeeda et al. On mobile code security (2001).
  • S.A. Hofmeyr et al. Architecture for an artificial immune system. Evolutionary Computation (2000).
  • J.E. Hunt et al. Learning using an artificial immune system. Journal of Network and Computer Applications (1996).
  • H. Idrissi et al. Security of mobile agent platforms using access control and cryptography.
  • S. Jain et al. Byte level n-Gram analysis for malware detection. Communications in Computer and Information Science (2011).
  • W. Jansen et al. NIST special publication 800-19 – mobile agent security (1999).
  • T. Joachims. Text categorization with support vector machines: Learning with many relevant features. Machine Learning (1998).
  • N.M. Karnik. Security in mobile agents systems. PhD Dissertation, department of computer sciences and engineering (1998).
  • N.M. Karnik et al. Security in the Ajanta mobile agent system. Software - Practice and Experience (2001).
  • C. Kaufman et al. Network security – private communication in the public world (2002).
  • M. Kruczkowski et al. Comparative study of supervised learning methods for malware analysis. Journal of Telecommunications and Information Technology (2014).
  • D.B. Lange et al. Seven good reasons for mobile agents. Communications of the ACM (1999).
  • Lee, P., & Necula, G. (1997). Research on proof-carrying code for mobile-code security. In DARPA workshop on...