The Use of Agent Technology for Intrusion Detection

Dipankar Dasgupta, University of Memphis

Introduction

Categories of Intrusive Attacks, Identification, and Detection

Agent Technology

Network Intrusion Detection

Tracking Network Traffic

Snort Intrusion Detection System

Probability of False Alarms

Proactive IDS Agents

Limitations of IDS Without Agent Technology

Intrusion Detection Using Agents

Advantages of Using Mobile Agents in Intrusion Detection

Drawbacks of Using Mobile Agents

Analysis Techniques, Testing and Validation, and Performance of IDS Agents

Analysis Techniques

Testing and Validation Approaches

Testing Using Sanitized Traffic/Logs

Testing by Generating Traffic on a Testbed Network

Performance

A Distributed Security Agent System

Cougaar: A Cognitive Agent Architecture

Cougaar-Based Security Agent Infrastructure

Security Node Society

Sequence of Operations

Experimentation and Evaluation of CIDS

Conclusions

Acknowledgements

Glossary

Cross References

References

Further Reading

INTRODUCTION

With the growing use of Internet applications and automated scripts, it has become very difficult to keep track of all cyber activities. In particular, it is hard to track each and every application, such as JScript, VBScript, ActiveX, Outlook, Outlook Express, etc. However, it is possible to monitor their effects on the system and its resources. Moreover, the monitored network data must be analyzed efficiently to enable faster attack detection and response.

Intrusion/anomaly detection ...
