Advertisement

SAPA: Software Agents for Prevention and Auditing of Security Faults in Networked Systems

  • Rui Costa Cardoso
  • Mário Marques Freire
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3391)

Abstract

This paper describes the design and implementation of a multi-agent system to detect and audit host security vulnerabilities. The system uses agent platforms allocated through the network to scan and interact with each host. The information collected by each agent is then used to build a common knowledge base that together with data retrieved from vulnerabilities information sources is used to improve the overall security. This approach reduces the total time to scan the network and the processing time overhead associated. The amount of traffic involved is also reduced. It allows the dissemination of updated knowledge about the network security status and reduces the communication with the network administrator. This solution provides an autonomous and proactive distributed system. It acts as a vulnerability assessment tool to make security notifications only if needed.

Keywords

Multiagent System Intrusion Detection Mobile Agent Intrusion Detection System Software Agent 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
This is a preview of subscription content, log in to check access.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Householder, A., Houle, K., Dougherty, C.: Computer Attack Trends Challenge Internet Security. IEEE Computer, Security and Privacy - Supplement, 5–7 (April 2002)Google Scholar
  2. 2.
    CERT, http://www.cert.org (Accessed 05/30/2004)
  3. 3.
    NIST: National Institute of Standards and Technology, http://www.nist.org (Accessed 05/30/2004)
  4. 4.
    Nessus, http://www.nessus.org (Accessed 05/30/2004)
  5. 5.
    SARA: The Security Auditors Research Assistant, http://www-arc.com/sara/ (Accessed 05/30/2004)
  6. 6.
    Securitymetrics. Integrated Vulnerability Assessment, Intrusion Detection and Prevention. Technical White Paper, Securitymetrics (2003)Google Scholar
  7. 7.
    Qualys. On-Demand Security Audits and Vulnerability Management: A Proactive Approach to Network Security. Technical White Paper, Qualys (2003)Google Scholar
  8. 8.
    Bace, R.: An Introduction to Intrusion Detection & Assessment. In: Technical White Paper, ICSA (1999)Google Scholar
  9. 9.
    Nmap, http://www.nmap.org (Accessed 05/30/2004)
  10. 10.
    Saint, http://www.saintcorporation.com (Accessed 05/30/2004)
  11. 11.
    Snort: Open source network intrusion detection system, http://snort.org (Accessed 05/30/2004)
  12. 12.
    Pedireddy, T., Vidal, J.M.: A Prototype Multiagent Network Security System. In: Proceedings of the Second International Joint Conference on Autonomous Agents and Multiagent Systems AAMAS 2003, Melbourne, Australia, July 14-18 (2003)Google Scholar
  13. 13.
    Humphries, J.W., Pooch, U.W.: Secure Mobile Agents for Network Vulnerability Scanning. In: Proceedings of the 2000 IEEE Workshop on Information Assurance and Security, New York, United States, June 6-7, pp. 19–25 (2000)Google Scholar
  14. 14.
    Zhang, M., Karmouch, A., Impey, R.: Adding Security Features to FIPA Agent PlatformsGoogle Scholar
  15. 15.
    JADE (Java Agent DEvelopment Framework), http://jade.tilab.com
  16. 16.
    Cardoso, R.C., Freire, M.M.: An Agent-based Approach for Detection of Security Vulnerabilities in Networked Systems. In: Proceedings of 11th International Conference on Software, Telecommunications and Computer Networks (SoftCom 2003), Split, Dubrovnik (Croatia), Venice, Ancona (Italy), October 7- 10, pp. 49–53 (2003)Google Scholar
  17. 17.
    CVE: Common Vulnerabilities and Exposures, http://www.cve.mitre.org (Accessed 05/30/2004)
  18. 18.
    ICAT: Internet Categorization of Attacks Toolkit, http://icat.nist.gov (Accessed 05/30/2004)
  19. 19.
    Mell, P.: Understanding the World of your Enemy with I-CAT (Internet- Categorization of Attacks Toolkit). In: 22nd National Information System Security Conference (October 1999)Google Scholar
  20. 20.
    Anderson, J.P.: Computer Security Threat Monitoring and Surveillance. James P. Anderson, Co., FortWashington (1980)Google Scholar
  21. 21.
    Martin, R.A.: Managing Vulnerabilities in Networked Systems. IEEE Computer 34(11), 32–38 (2001)Google Scholar
  22. 22.
    Kemmerer, R.A., Vigna, G.: Intrusion Detection: A Brief History and Overview. IEEE Computer, Security and Privacy - Supplement, 27–29 (April 2002)Google Scholar
  23. 23.
    Manikopoulos, C., Papavassiliou, S.: Network Intrusion and Fault Detection: A Statistical Anomaly Approach. IEEE Communications Magazine 40(10), 76–82Google Scholar
  24. 24.
    Kim, B., Jang, J., Chung, T.M.: Design of Network Security Control Systems for Cooperative Intrusion Detection. In: Chong, I. (ed.) ICOIN 2002. LNCS, vol. 2344, pp. 389–398. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  25. 25.
    Bellifemine, F., et al.: JADE - A FIPA-compliant agent framework. In: Proceedings of PAAM 1999, London, April 1999, pp. 97–108 (1999)Google Scholar
  26. 26.
    FIPA, http://www.fipa.org (Accessed 05/30/2004)
  27. 27.
    FIPA ACL Message Structure Specification, http://www.fipa.org/specs/fipa00061/ (Accessed 05/30/2004)
  28. 28.
    PortsDB (Ports Database), http://www.portsdb.org (Accessed 05/30/2004)
  29. 29.
    Labrou, Y., Finin, T., Peng, Y.: Agent communication languages: The current landscape. IEEE Intelligent Systems, 45–52 (March/April 1999)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Rui Costa Cardoso
    • 1
  • Mário Marques Freire
    • 1
  1. 1.Department of InformaticsUniversity of Beira InteriorCovilhãPortugal

Personalised recommendations

Cite paper

Buy options