Agent-Based Model of Computer Network Security System: A Case Study

  • Vladimir I. Gorodetski
  • O. Karsayev
  • A. Khabalov
  • I. Kotenko
  • Leonard J. Popyack
  • Victor Skormin
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2052)


The paper considers a multi-agent model of a computer networks security system, which is composed of particular autonomous knowledge-based agents, distributed over the hosts of the computer network to be protected and cooperating to make integrated consistent decisions. The paper is focused on an architecture, implementation and simulation of a case study aiming at exploration distinctions and potential advantages of using such an architecture for the computer network protection. The paper describes the conceptual model and architecture of the particular specialized agents and the system on a whole as well as implementation technology. Simulation scenario, input traffic model and peculiarities of the distributed security system operation are described. The major attention is paid to the intrusion detection task and agents interactions during detection of an attack against the computer network. The advantages of the proposed model of a computer networks security system are discussed.


Computer Network Intrusion Detection Mobile Agent Intrusion Detection System Security Agent 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Allen, J., Christie, A., Fithen, W., McHugh, J., Pickel, J., Stoner E.: State of the Practice of Intrusion Detection Technologies. In: Technical Report CMU/SEI-99-TR-028. Carnegie Mellon Software Engineering Institute (2000)Google Scholar
  2. 2.
    Asaka, M., Okazawa, S., Taguchi, A., Goto S.: A Method of Tracing Intruders by Use of Mobile Agents. In: Proceedings of INET’99 (1999)Google Scholar
  3. 3.
    Bace R.: Intrusion Detection. Indianapolis, Macmillan Computer Publishing (1999)Google Scholar
  4. 4.
    Balasubramaniyan, J.S., Garcia-Fernandez, J.O., Isacoff, D., Spafford, E., Zamboni D.: An Architecture for Intrusion Detection Using Autonomous Agents. Coast TR 98-05. West Lafayette, COAST Laboratory, Purdue University (1998)Google Scholar
  5. 5.
    BonifácioJr., Cansian, A., Moreira E., and de Carvalho A.: An Adaptive Intrusion Detection System Using Neural Networks. Proceedings of the IFIP World Computer Congress-Security in Information Systems, IFIP-SEC’98, Chapman & Hall, Vienna, Austria (1998)Google Scholar
  6. 6.
    Conner, M., Patel, C., Little M.: Genetic Algorithm/Artificial Life Evolution of Security Vulnerability Agents. In: Proceedings of 3rd Annual Symposium on Advanced Telecommunications & Information Distribution Research Program (ATIRP). Army Research Laboratory, Federal Laboratory (1999)Google Scholar
  7. 7.
    Crosbie, M., Spafford G.: Applying Genetic Programming to Intrusion Detection. In: Proceedings of the AAAI Fall Symposium on Genetic Programming. Cambridge, Menlo Park, CA, AAAI Press (1995)Google Scholar
  8. 8.
    Dasgupta, D.: Immunity-Based Intrusion Detection System: A General Framework. In: Proceedings of the 22nd National Information Systems Security Conference, USA (1999)Google Scholar
  9. 9.
    Helmer, G., Wong, J., Honavar, V., Miller, L.: Intelligent Agents for Intrusion Detection. In: Proceedings of the 1998 IEEE Information Technology Conference, Environment for the Future, Syracuse, NY, IEEE (1998)Google Scholar
  10. 10.
    Gorodetski, V., Kotenko, I., Skormin, V.: Integrated Multi-Agent Approach to Network Security Assurance: Models of Agents’ Community. In: Information Security for Global Information Infrastructures, IFIP TC11 Sixteenth Annual Working Conference on Information Security, Qing, S., Eloff J.H.P (eds), Beijing, China (2000)Google Scholar
  11. 11.
    Jacobs, S., Dumas, D., Booth, W., Little, M.: Security Architecture for Intelligent Agent Based Vulnerability Analysis. In: Proceedings of 3rd Annual Symposium on Advanced Telecommunications & Information Distribution Research Program (ATIRP) Army Research Laboratory, Federal Laboratory (1999)Google Scholar
  12. 12.
    Jansen, W., Mell, P., Karygiannis, T., Marks D.: Mobile Agents in Intrusion Detection and Response. In: Proceedings of the 12th Annual Canadian Information Technology Security Symposium, Ottawa, Canada (2000)Google Scholar
  13. 13.
    Karjoth, G., Lange, D., Oshima, M.: A Security Model for Aglets. In: IEEE Internet Computing (1997)Google Scholar
  14. 14.
    Lee, W., Stolfo, S.J., Mok, K.: A Data mining Framework for Building Intrusion Detection Model. In: Proceedings of the IEEE Symposium on Security and Privacy (1999)Google Scholar
  15. 15.
    Ptacek, T.H., Newsham, T.N.: Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection. Secure Networks, Inc. (1998)Google Scholar
  16. 16.
    Queiroz, J., Carmo, L., Pirmez, L.: MICAEL: An Autonomous Mobile Agent System to Protect New Generation Networked Applications. In: Proceedings of Second International Workshop on the Recent Advances in Intrusion Detection, West Lafayette, USA. (1999)Google Scholar
  17. 17.
    Somayaji, A., Hofmeyr, S., Forrest, S.: Principles of a Computer Immune System. In: Proceedings of the 1997 New Security Paradigms Workshop (1998)Google Scholar
  18. 18.
    White, G., Fisch, E., Pooch, U.: Cooperating Security Managers: A Peer-Based Intrusion Detection System. In: IEEE Network, Vol. 10(1) (1996)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Vladimir I. Gorodetski
    • 1
  • O. Karsayev
    • 1
  • A. Khabalov
    • 1
  • I. Kotenko
    • 1
  • Leonard J. Popyack
    • 2
  • Victor Skormin
    • 3
  1. 1.St. Petersburg Institute for Informatics and AutomationRussia
  2. 2.USAF Research LaboratoryInformation DirectorateUSA
  3. 3.Binghamton UniversityUSA

Personalised recommendations