W. Jansen, P. Mell, T. Karygiannis, and D. Marks, "Applying mobile agents to intrusion detection and response," National Institute of Standards and Technology, Computer Security Division, 1999. [Online]. Available: http://csrc.nist.gov/publications/nistir/ ir6416.pdf  Home/Search   Document Details and Download   Summary   Related Articles   Check

....While visiting the network in an autonomous manner, MAs can interact with each other. In order to accomplish their task, MAs can also gather data and use services present on visited hosts. To date, only a few investigations have been undertaken to develop MA based response schemes to intrusions [5] [6] even if MA technology seems to exhibit good properties to accomplish this task. As in [5] we advocate the recourse to MA technology for supporting the answer to intrusions rather than exclusively for detecting intrusions. Uesful MA characteristics that could be retained for the answer ....

....to accomplish their task, MAs can also gather data and use services present on visited hosts. To date, only a few investigations have been undertaken to develop MA based response schemes to intrusions [5] 6] even if MA technology seems to exhibit good properties to accomplish this task. As in [5], we advocate the recourse to MA technology for supporting the answer to intrusions rather than exclusively for detecting intrusions. Uesful MA characteristics that could be retained for the answer are: ffl the rapidity of execution due to the small quantityof code the MA represents when ....

[Article contains additional citation context not shown here]

W. Jansen, P. Mell, T. Karygiannis, and D. Marks. Applying mobile agents to intrusion detection and response. Technical report, National Intitut of Sandard and Technology,Interim Report 6416, September 1999.

....with ever changing attackers goals and their increasing abilities supported by sophisticated attack tools. Moreover, these systems need to provide facilities that easily integrate human analysis as part of event diagnosis. Monitoring systems also need to secure themselves against attacks. In [4], the mobile agent paradigm has been identi ed as a natural solution to implement monitoring systems. Regarding potential security solutions, William Wulf remarked [5] Instead of having perimeter defense, you have lots of agents running 1 around seeing if something bad is happening and ....

.... for Mobile Agent Based Approach In our research, a mobile agent based approach is used because it provides several capabilities such as local monitoring to overcome network latency and reduce network load, asynchronous execution, disconnected and autonomous operations, and dynamic adaptability [4]. A mobile agent represents an object capable of migrating in a network to perform designated tasks at one or more nodes [9, 10] In our monitoring system, mobile agents are sent to continuously monitor nodes in a network, perform data ltering locally, and notify other system components of any ....

Jansen, W., Mell, P., Karygiannis, T., Marks, D.: Applying Mobile Agents to Intrusion Detection and Response. National Institute of Standards and Technology Interim Report - 6416 (1999)

....Micael [4] pursues a more ambitious aim where each system component is realized as a mobile agent. Unfortunately, only a high level system design has been presented and no details have followed so far. The potential advantages of mobile agents in intrusion detection systems are summarized in [5] and [6] 7 Conclusion The automatic update and integration of new devices into the intrusion detection process is vital for maintaining an adequate security standard in dynamic network environments. When devices or sensors have to be manually updated or integrated into a running ID system, no ....

Wayne Jansen, Peter Mell, Karygiannis, and Don Marks. Applying mobile agents to intrusion detection and response. Interim Report (IR) 6416, NIST, October 1999.

....of being able to detect previously unknown attacks. This advantage is paid for with a large number of false positives and the diculty of training a system for a very dynamic environment. Mobile agents have sometimes been advocated as a means to perform intrusion detection in distributed systems [13, 16, 3, 29]. In this context, intrusion detection systems are designed as mobile applications that roam the network to detect attacks and track intruders. The approach described in this paper takes a di erent perspective. The approach focuses on the detection of attacks against mobile agent systems and, in ....

W. Jansen, P. Mell, T. Karygiannis, and D. Marks. Applying mobile agents to intrusion detection and response. Technical Report 6416, NIST, October 1999.

....mobile agents, the computational load is divided between different machines and the network load is reduced. This enhances scalability and additionally supports fault resistant behavior. Unfortunately, the introduction of agents and agent platforms may also cause the following problems [8]. Security Introducing agents into an IDS causes several security implications that must be considered. On one hand, the host (and the agent platform) where an agent gets executed must be protected against malicious code. This can be done by signing agent s code and providing a valid ....

....movement around the network [7] Code Size An IDS is a complex piece of software and agents that implement its functionality might get rather large. Transferring the agent s code over the network may take some time, but it is only needed once, when each host stores agent code locally. [8] claims that agents get especially large when they encode operating system dependant parts, but one might consider putting these routines into the agent platform and offer a generic interface to agents (effectively overcoming this drawback) Performance Agents are often written in scripting ....

[Article contains additional citation context not shown here]

W. Jansen, P. Mell, Karygiannis, and D. Marks. Applying mobile agents to intrusion detection and response. Interim Report (IR) 6416, NIST, October 1999.

....Distributed mobile autonomous agents solve several critical problems in intrusion detection and provide a general architecture for adding and integrating components into the system. Monolithic, centralized systems have several faults which may be overcome by the use of a distributed architecture [8][9] Network intrusion detectors typically use single sensors attached to network segments. However, local area networks have moved towards switched architectures which do not broadcast unicast frames to all network segments. Centralized sensors will miss tra c on segments to which the sensor is ....

Wayne Jansen, Peter Mell, Tom Karygiannis, and Don Marks. Applying mobile agents to intrusion detection and response. Technical Report Interim Report - 6416, National Institute of Standards and Technology, October 1999.

.... research, so a mobile agent is also a paradigmatic software abstraction and includes autonomous behaviour (intelligence) Mobile agents are proposed for different tasks such as network search (more recently e commerce [HGF # 99] network management [BGP97] and network intrusion detection [JMKM99] On the network level, the emerging mobile code technology is called active networking [TSS # 97, CBZS98] The mobile code is often referred to as capsule and is directly integrated into the network traffic packets. Thus, the code flows directly on the communication path that is subject of ....

W. Jansen, P. Mell, T. Karygiannis, and D. Marks. Applying mobile agents to intrusion detection and response. Technical report, National Institute of Standards and Technology, October 1999.

No context found.

W. Jansen, P. Mell, T. Karygiannis, and D. Marks, "Applying mobile agents to intrusion detection and response," National Institute of Standards and Technology, Computer Security Division, 1999. [Online]. Available: http://csrc.nist.gov/publications/nistir/ ir6416.pdf

No context found.

W. Jansen, P. Mell, T. Karygiannis, D. Marks, Applying mobile agents to intrusion detection and response, National Institute of Standards and Technology, Computer Security Division (1999). URL http://csrc.nist.gov/publications/nistir/ ir6416.pdf

No context found.

W Jansen, P Mell, T Karygiannis and D Marks, "Applying mobile agents to intrusion detection and response", National Institute of Standards and Technology, Computer Security Division; 1999. Available from:http://csrc.nist.gov/publications/ nistir/ir6416.pdf.

No context found.

W. Jansen, P. Mell, T. Karygiannis, and D. Marks, "Applying mobile agents to intrusion detection and response," National Institute of Standards and Technology, Computer Security Division, 1999. [Online]. Available: http://csrc.nist.gov/publications/nistir/ ir6416.pdf

No context found.

W. Jansen, P. Mell, T. Karygiannis, D. Marks. (1999) Applying Mobile Agents to Intrusion Detection and Response. NIST Interim Report OR) - 6416.

No context found.

Jansen, W., Mell, P., and andDon Marks, T. K. (1999). Applying Mobile Agents to Intrusion Detection and Response. Technical Report IR-6416, National Institute of Standards and Technology, Computer Security Division.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC