A cooperative agent-based model for active security systems

Authored by M Zaki, TS Sobh

Date Published: 2004-11

DOI: 10.1016/j.jnca.2004.02.002

Sponsors: No sponsors listed

Platforms: Java

Model Documentation: Other Narrative, Flow charts

Model Code URLs: Model code not found

Abstract

This paper presents a multi-agent model for implementing active security concepts. In this model, a group of agents can carry out their tasks cooperatively in order to achieve an ultimate security goal. Thus a low-level module of the proposed model reads the values of interesting data items of the relevant current network events and passes them to a relational database. Comparing these measurements against predefined values in an intruder signature database may point to a particular attack. The proposed model consists of two parts: (1) a multi-agent Intrusion Detection System (MIDS) for detecting attacks, and (2) an Active Security Mechanism (ASM) for taking an active, network-wide response against attackers. The proposed approach provides a customizable host environment built from various systems software components to allow an optimal match between the intrusion circumstances and the underlying security architecture. Thus, different frameworks can support alternative responses of existing security services. In addition, the ASM can respond rapidly to attacks by making use of sensible sharing of attack intelligence. System agents communicate with each other on different hosts using an agent communication language through a message router. © 2004 Elsevier Ltd. All rights reserved.
Tags
active security, agent communication language, intrusion detection, mobile agent, network-based security