Zamboni, D. M., and Spafford, E. H. Intrusion Detection using Autonomous Agents. Computer Networks -- Elsevier, pp. 547--570, vol. 34, num. 04, 2000.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....Networked environments which support mobile agents can be penetrated by possibly harmful agents, called intruders. Concern for the severe damage intruders can cause has motivated a large amount of research, especially on detection, whose focus is on solutions by teams of mobile agents (e.g. see [1, 13, 15, 16, 31, 37]) Once the presence of an intruder is detected, a team of mobile system agents is deployed to capture it. Both the intruder and the agents move along the network links, but the intruder could be arbitrarily fast, and aware of the positions of all the agents. The agents, starting from their ....

E. H. Spaord and D. Zamboni. Intrusion detection using autonomous agents. Computer Networks, 34(4):547-570, October 2000.

....attack or vulnerability is considered intrusive. Numerous research as well as commercial IDSs have been developed using anomaly and or misuse detection techniques, including host based IDSs (e.g. USTAT [8] network based IDSs (e.g. NetSTAT [21] NFR [16] and distributed IDSs (e.g. AAFID [18], EMERALD [15] All current IDSs are aimed at detecting low level attacks or anomalies; none can capture the logical steps or attack strategies behind these attacks. It is usually up to human users to discover the connections between alerts. However, in intrusion intensive situations, IDSs may ....

E.H. Spafford and D. Zamboni. Intrusion detection using autonomous agents. Computer Networks, 34:547--570, 2000.

....security. Accordingly, they hold that centralized analysis severely limits the scalability of intrusion detection systems. Purdue University s Center for Education and Research in Information Assurance and Security (CERIAS) produced the Autonomous Agents for Intrusion Detection (AAFID) 2] and [19]. The AAFID architecture consists of agents, transceivers, and monitors. In AAFID, agents perform some monitoring function, do not communicate with each other and report to a transceiver. The role of the transceiver is twofold: it tracks and controls the agents that report to it, processing and ....

Eugene H. Spafford and Diego Zamboni. Intrusion detection using autonomous agents. Elsevier Computer Networks, 34:547 -- 570, 2000.

....practical and theoretical motivations. In particular, graph searching arises in VLSI design, through its equivalence with the gate matrix layout problem (see, e.g. 11, 13, 22] It is also related to network security for its relation with the capture of an intruder by software agents (see, e.g. [1, 17, 35]) and protection from mobile eavesdroppers [16] Moreover, the problem and its variants, i.e. node search, mixed search, inert search, etc. are closely related to standard graph parameters and concepts, including treewidth, cutwidth, pathwidth, and linearwidth [2] For instance, s(G) is equal ....

E. H. Spaord and D. Zamboni. Intrusion detection using autonomous agents. Computer Networks, 34(4):547-570, 2000.

....(for example, an agent s next action might depend on the result of a diagnosis from a specialist agent, which is in turn waiting for the rst agent to nish its action) 9 Related Work 9.1 Societies of agents Multi agent teams can be used for distributed intrusion detection. An example is AAFID [38] which is based on multi agent defence introduced by [7] Each agent observes some aspect of network trac and acquires a model of its normal activity during a training phase so that anomalies can be detected. However, there is no requirement for agents to observe each other. Similarly, there is no ....

E.H. Spaord and D. Zamboni. Intrusion detection using autonomous agents. Computer Networks 34, pages 547-570, 2000.

....NSTAT [24] and ASAX [34; 35] Although audit data are usually reduced before being sent to the central analysis unit, the scalability of such systems is limited due to the centralized analysis. Recent systems paid more attention to the scalability issue (e.g. EMERALD [43] GrIDS [50] AAFID [49], and CSM [56] EMERALD adopts a recursive framework in which generic building blocks can be deployed in a highly distributed manner [43] Both misuse detection and statistical anomaly detection are used in EMERALD. GrIDS aims at large distributed systems and performs intrusion detection by ....

.... performs intrusion detection by aggregating computer and network information into activity graphs which reveal the causal structure of network activity [50] AAFID is a distributed intrusion detection platform, which consists of four types of components: agents, filters, transceivers and monitors [49]. These components can be organized in a tree structure, where child and parent components communicate with each other. AAFID emphasizes on the architecture aspect of distributed intrusion detection; detailed mechanism for performing distributed intrusion detection is not addressed. JiNao is an ....

[Article contains additional citation context not shown here]

E.H. Spafford and D. Zamboni. Intrusion detection using autonomous agents. Computer Networks, 34:547-- 570, 2000.

....NSTAT [24] and ASAX [34; 35] Although audit data are usually reduced before being sent to the central analysis unit, the scalability of such systems is limited due to the centralized analysis. Recent systems paid more attention to the scalability issue (e.g. EMERALD [43] GrIDS [50] AAFID [49], and CSM [56] EMERALD adopts a recursive framework in which generic building blocks can be deployed in a highly distributed manner [43] Both misuse detection and statistical anomaly detection are used in EMERALD. GrIDS aims at large distributed systems and performs intrusion detection by ....

.... performs intrusion detection by aggregating computer and network information into activity graphs which reveal the causal structure of network activity [50] AAFID is a distributed intrusion detection platform, which consists of four types of components: agents, filters, transceivers and monitors [49]. These components can be organized in a tree structure, where child and parent components communicate with each other. AAFID emphasizes on the architecture aspect of distributed intrusion detection; detailed mechanism for performing distributed intrusion detection is not addressed. JiNao is an ....

[Article contains additional citation context not shown here]

E.H. Spafford and D. Zamboni. Intrusion detection using autonomous agents. Computer Networks, 34:547-- 570, 2000.

.... CMDS [115] CyberCop Monitor [110] CyberTrace [123] CylantSecure [154] Entercept [46] IDA [6] Monitor [29] Manhunt [119] NADIR [63] NIDES [3] NSTAT [74] NetProwler [148] NetRanger [25] PRCis [84] Shadow [100] UNICORN [22] eTrust Audit [26] AAFID [137], AFJ [4] CARDS [156] CSM [153] Centrax [53] DIDS [133] DPEM [77] GrIDS [139] HP IDS 9000 [61] Hummer [51] JiNao [73] LISYS [64] NFR [99] NetSTAT [152] RealSecure [71] StormWatch Table 2.2 Classification of some existing intrusion detection ....

.... [95] Bro [107] CERN NSM [91] CIDDS, CaptIO [15] CyberCop Monitor [110] CyberTrace [123] Defense Worx [129] LANguard, LANguard SELM [82] Manhunt [119] NID [28] NSM [60] Security Agent [149] OpenSnort Sensor [136] T sight [44] eTrust ID [27] AAFID [137], AFJ [4] Centrax [53] DIDS [133] Dragon [45] EMERALD [112] GrIDS [139] Hummer [51] LISYS [64] NFR [99] NetSTAT [152] RealSecure [71] Host based (52 ) ADS [118] AID [134] ALVA [90] ASAX [56] CMDS [115] CompWatch [42] CyberCop Monitor [110] ....

[Article contains additional citation context not shown here]

Eugene H. Spafford and Diego Zamboni. Intrusion detection using autonomous agents. Computer Networks, 34(4):547--570, October 2000. URL http://www. elsevier.nl/gej-ng/10/15/22/49/30/25/article.pdf.

....of intrusion detection has been heading towards a distributed framework of monitors that do local detection and provide information to perform global detection of intrusions. A few of the intrusion detection systems that adopt this methodology are DIDS [14] GrIDS [16] EMERALD [13] and AAFID [1, 15]. Spafford and Zamboni [15] define such systems as distributed intrusion detection systems based on the location and number of the data analysis components. All these systems are hierarchical in nature. The local intrusion detection components look for local intrusions and pass their analysis ....

....been heading towards a distributed framework of monitors that do local detection and provide information to perform global detection of intrusions. A few of the intrusion detection systems that adopt this methodology are DIDS [14] GrIDS [16] EMERALD [13] and AAFID [1, 15] Spafford and Zamboni [15] define such systems as distributed intrusion detection systems based on the location and number of the data analysis components. All these systems are hierarchical in nature. The local intrusion detection components look for local intrusions and pass their analysis results to the upper levels of ....

[Article contains additional citation context not shown here]

Eugene H. Spafford and Diego Zamboni. Intrusion detection using autonomous agents. Computer Networks,34 (4):547--570, October 2000.

No context found.

Zamboni, D. M., and Spafford, E. H. Intrusion Detection using Autonomous Agents. Computer Networks -- Elsevier, pp. 547--570, vol. 34, num. 04, 2000.

No context found.

Zamboni, D.M. and Spafford, E.H. "Intrusion detection using autonomous agents". Computer Networks -- Elsevier, 34(04):547--570, October 2000.

No context found.

D. M. Zamboni and E. H. Spafford. Intrusion detection using autonomous agents. Computer Networks -- Elsevier, 34(04):547--570, October 2000.

No context found.

E. H. Spafford and D. Zamboni. Intrusion detection using autonomous agents. Computer Networks, 34:547--570, 2000.

No context found.

E. H. Spafford and D. Zamboni. Intrusion Detection Using Autonomous Agents. Computer Networks, 34(4):547--570, 2000.

No context found.

E. H. Spafford and D. Zamboni, "Intrusion detection using autonomous agents," Computer Networks, vol. 34, no. 4, pp. 547--570, 2000.

No context found.

Eugene H. Spafford and Diego Zamboni. Intrusion Detection Using Autonomous Agents. Computer Networks, 34(4):547--570, 2000.

No context found.

E H Spafford, D Zamboni, "Intrusion detection using autonomous agents", Computer Networks, 34, pp. 547-570, 2000

No context found.

E. Spafford and D. Zamboni. Intrusion detection using autonomous agents. Computer Networks, (34):547--570, October 2000.

No context found.

E. H. Spafford and D. Zamboni. Intrusion detection using autonomous agents. Computer Networks, 34:547--570, 2000.

No context found.

Eugene H. Spafford and Diego Zamboni. Intrusion detection using autonomous agents. Computer Networks, 34(4):547--570, October 2000.

No context found.

E. H. Spa#ord and D. Zamboni. Intrusion detection using autonomous agents. Computer Networks, 34(4):547--570, 2000.

No context found.

Eugene H. Spafford and Diego Zamboni, "Intrusion Detection Using Autonomous Agents," Computer Networks, 34(4): 547-570, October 2000.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC