Network Security Monitoring and Defense System Framework Design Using Mobile Agents based on DoDAF

Network security and defense plays important roles in network management system. The traditional network security monitoring systems usually employ lots of agents to collected data and then perform abnormal detection based on measurement of those data. This kind of framework needs lots of agents and usually occupies many bandwidths. Focus on this problem; we introduce the mobile agents into the network security and monitoring system. As the mobile agents are intelligent and can move to other hosts according to the monitoring task, adoption of the mobile agents will increase the flexibility of the monitoring system while reduce the number of agents. Furthermore, we employ DoDAF to make the designed framework more easily used and deployed. Firstly, we analyzed the development standards of the mobile agent, including MASIF and FIPA, then mapped them to DM2 in DoDAF. We also analyzed the elements included in the traditional network security monitoring system and mapped them to DM2. Based on those mapping works, we can obtain DM2 which should be included in different views in DoDAF. Secondly, we divided the designed architecture into four parts based on the TOGAF, including the business architecture, application architecture, data architecture and technology architecture. And extract which view which should be included in the designed framework. Finally, according to the constraint relationship between different views, we obtain the developing sequence of those views and design and develop the network security monitoring and defense system framework using the mobile agent. Based on EA, we verified the designed framework and the results show that the proposed framework is correct.