Vidal's library
Title: | A Prototype MultiAgent Network Security System |
Author: | Taraka Peddireddy and José M. Vidal |
Book Title: | Proceedings of the Second International Joint Conference on Autonomous Agents and Multiagent Systems |
Pages: | 1094-1095 |
Year: | 2003 |
Abstract: | Distributed Internet-based attacks on computer systems are becoming more prevalent. These attacks usually employ some form of automation and involve the compromise of many systems across the Internet; systems which are not necessarily owned by the same company or individual. The information needed to detect and neutralize these attacks is spread across many machines. A system administrator who wishes to detect and handle these distributed attacks must constantly monitor his systems and communicate with other administrators around the world---a challenging task. In this paper we present our design and implementation of a multi-agent system, built using FIPA-OS, in which agents responsible for different network realms communicate with each other in order to determine if certain suspicious events are actually part of a distributed attack, and to warn each other about possible threats. We describe the event types which, we have found, flag the presence of suspicious activities and trigger the agents into action. We explain the various interaction protocols that we have implemented in order to handle these suspicious events. We discuss issues and requirements involved in standardizing formats and architectures for the distributed management of intrusion detection. Finally, we present the results of some of the tests we have performed on our system. |
Cited by 3 - Google Scholar
@InProceedings{peddireddy03a,
author = {Taraka Peddireddy and Jos\'{e} M. Vidal},
title = {A Prototype MultiAgent Network Security System},
booktitle = {Proceedings of the Second International Joint Conference on Autonomous Agents and Multiagent Systems},
year = 2003,
pages = {1094-1095},
abstract = {Distributed Internet-based attacks on computer
systems are becoming more prevalent. These attacks
usually employ some form of automation and involve
the compromise of many systems across the Internet;
systems which are not necessarily owned by the same
company or individual. The information needed to
detect and neutralize these attacks is spread across
many machines. A system administrator who wishes to
detect and handle these distributed attacks must
constantly monitor his systems and communicate with
other administrators around the world---a
challenging task. In this paper we present our
design and implementation of a multi-agent system,
built using FIPA-OS, in which agents responsible for
different network realms communicate with each other
in order to determine if certain suspicious events
are actually part of a distributed attack, and to
warn each other about possible threats. We describe
the event types which, we have found, flag the
presence of suspicious activities and trigger the
agents into action. We explain the various
interaction protocols that we have implemented in
order to handle these suspicious events. We discuss
issues and requirements involved in standardizing
formats and architectures for the distributed
management of intrusion detection. Finally, we
present the results of some of the tests we have
performed on our system.},
url = {http://jmvidal.cse.sc.edu/papers/peddireddy03a.pdf},
keywords = {multiagent security},
googleid = {68bBNNBXeoUJ:scholar.google.com/},
cluster = {9618096505953044203}
}
Last modified: Wed Mar 9 10:15:41 EST 2011