Центр стратегических оценок и прогнозов

System intrusion detection and incident response-based mobile software agents

Material posted: -Publication date: 17-09-2005

Beginning in September 1997 at the U.S. National Institute of standards and technology (NIST), together with a number of firms, with the financial support of the national security Agency is implementing a project designed to assess the prospects of using the technology of mobile monitoring agents to ensure the security of computer systems.

The aim of the project is the study of ways of using the technology of mobile agents to improve the performance of software, information security, and study ways to protect the technology of mobile agents.

In recent work on the project focused on the development of technologies of privilege management of mobile agents based on digital signatures and digital certificates, which is closely associated with the ongoing NIST work to develop the national infrastructure for public-key cryptosystems (PKI), as well as the possibility of applying mobile agents to improve the performance of intrusion detection systems.

The content

1. Introduction to the problem. 4

2. The technology of mobile agents. 5

3. Major works.. 7

3.1. Self-configuring agents for intrusion detection. 7

3.2. Hummingbird. 8

3.3. The Java agents for motobecane. 8

3.4. Intelligent agents for intrusion detection. 9

3.5. The research programme of promising telecommunications and information distribution 9

3.6. The intrusion detection system based on agents. 10

4. Requirements for the intrusion detection system. 10

4.1. Functional requirements. 11

4.2. Requirements for the operation of 13..

5. Mobile agents for intrusion detection. 14

5.1. Advantages. 14

5.2. Overcoming network latency. 14

5.3. To reduce the load on the network. 15

5.4. Asynchronous execution and autonomy. 16

5.5. The structure and composition. 16

5.6. Dynamic adaptation. 17

5.7. Running in heterogeneous environments. 17

5.8. Sustainable and resilient behavior. 18

5.9. Scalability. 19

6. Disadvantages. 20

6.1. Protection. 20

6.2. Performance. 21

6.3. The size of the code. 22

6.4. The lack of a priori knowledge. 22

6.5. Limitations of the study multi-agent technology. 22

6.6. The difficulty of programming and implementation. 23

7. Innovations in intrusion detection systems. 23

8. Useful properties of multi-agent systems.. 24

9. The field of research. 25

9.1. Multipoint detection. 26

9.2. Structure, resistant to attack.. 27

9.3. Generalized interfaces.. 27

9.4. The sharing of knowledge. 28

9.5. Roaming agents. 29

9.6. Unpredictability. 30

9.7. Genetic diversity. 31

10. New approaches to the organization of the response to the invasion. 32

10.1. Existing mechanisms of response. 33

10.2. Perfect the mechanisms of response. 34

10.3. Automated response based on mobile agents. 35

10.4. The field of research. 36

10.5. Automated tracking of the attacker. 36

10.6. Automated collection of evidence. 37

10.7. Operations of mobile agents on the host computer of the attacker. 38

10.8. Operations of mobile agents on the target computer. 39

10.9. The isolation of the attacker or the target computer. 39

10.10. Operations of mobile agents in the subnet of the attacker and target subnet. 40

Conclusion 41..

Tags: security , threat