Vidal's library
Title: A Prototype MultiAgent Network Security System
Author: Taraka Peddireddy and José M. Vidal
Book Title: Proceedings of the Second International Joint Conference on Autonomous Agents and Multiagent Systems
Pages: 1094-1095
Year: 2003
Abstract: Distributed Internet-based attacks on computer systems are becoming more prevalent. These attacks usually employ some form of automation and involve the compromise of many systems across the Internet; systems which are not necessarily owned by the same company or individual. The information needed to detect and neutralize these attacks is spread across many machines. A system administrator who wishes to detect and handle these distributed attacks must constantly monitor his systems and communicate with other administrators around the world---a challenging task. In this paper we present our design and implementation of a multi-agent system, built using FIPA-OS, in which agents responsible for different network realms communicate with each other in order to determine if certain suspicious events are actually part of a distributed attack, and to warn each other about possible threats. We describe the event types which, we have found, flag the presence of suspicious activities and trigger the agents into action. We explain the various interaction protocols that we have implemented in order to handle these suspicious events. We discuss issues and requirements involved in standardizing formats and architectures for the distributed management of intrusion detection. Finally, we present the results of some of the tests we have performed on our system.

@InProceedings{peddireddy03a,
  author = 	 {Taraka Peddireddy and Jos\'{e} M. Vidal},
  title = 	 {A Prototype MultiAgent Network Security System},
  booktitle = 	 {Proceedings of the Second International Joint Conference on Autonomous Agents and Multiagent Systems},
  year =	 2003,
  pages = 	 {1094-1095},
  abstract = 	 {Distributed Internet-based attacks on computer
                  systems are becoming more prevalent. These attacks
                  usually employ some form of automation and involve
                  the compromise of many systems across the Internet;
                  systems which are not necessarily owned by the same
                  company or individual. The information needed to
                  detect and neutralize these attacks is spread across
                  many machines. A system administrator who wishes to
                  detect and handle these distributed attacks must
                  constantly monitor his systems and communicate with
                  other administrators around the world---a
                  challenging task. In this paper we present our
                  design and implementation of a multi-agent system,
                  built using FIPA-OS, in which agents responsible for
                  different network realms communicate with each other
                  in order to determine if certain suspicious events
                  are actually part of a distributed attack, and to
                  warn each other about possible threats. We describe
                  the event types which, we have found, flag the
                  presence of suspicious activities and trigger the
                  agents into action. We explain the various
                  interaction protocols that we have implemented in
                  order to handle these suspicious events. We discuss
                  issues and requirements involved in standardizing
                  formats and architectures for the distributed
                  management of intrusion detection. Finally, we
                  present the results of some of the tests we have
                  performed on our system.},
  url = 	 {http://jmvidal.cse.sc.edu/papers/peddireddy03a.pdf},
  keywords = 	 {multiagent security},
  googleid = 	 {68bBNNBXeoUJ:scholar.google.com/},
  cluster = 	 {9618096505953044203}
}
Last modified: Wed Mar 9 10:15:41 EST 2011