ABSTRACT
This paper proposes a distributed intrusion detection system based on autonomous and mobile agents. The proposed system has four types of agents: connection agents, analyzer agents, an administrator agent and a crisis agent. The system uses a Sniffer module to capture packets circulating on the network. The analyzer agents apply a pattern-matching approach to scan the captured packets and detect possible attacks. A prototype has been designed and implemented.
- Design and implementation of a misused intrusion detection system using autonomous and mobile agents