
Intelligent Assessment of Distributed Security in TCP/IP Networks

  • Rui Costa Cardoso
  • Mário Marques Freire
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3079)

Abstract

With the increasing dynamics of network interconnection, security has become a critical issue that needs to be considered. The widely adopted solution combines routers, switches, firewalls and virtual private networks (VPNs) with the deployment of intrusion detection systems (IDSs) and vulnerability assessment tools. In a proactive approach to intrusions, vulnerability assessment tools allow vulnerabilities to be detected before they can be exploited. In this paper, we propose an extension to this model that uses a distributed approach based on software agents to correctly evaluate network security risks, making an assessment of the distributed security. Based on this model, we develop an algorithm for detecting and enumerating security risks in each active element of a network. The information gathered was used to build a security knowledge assessment. Using these techniques, information is disseminated faster, which could lead to a more up-to-date assessment of the security issues in the network. Awareness of security also increases, since network managers are more focused on the reported security issues.

Keywords

Multiagent System; Intrusion Detection; Vulnerability Assessment; Security Policy; Intrusion Detection System
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Rui Costa Cardoso (1)
  • Mário Marques Freire (1)
  1. Department of Informatics, University of Beira Interior
