An architecture for intrusion detection using Autonomous Agents

Cited by: 60
Authors
Balasubramaniyan, JS [1]
Garcia-Fernandez, JO [1]
Isacoff, D [1]
Spafford, E [1]
Zamboni, D [1]
Affiliation
[1] Purdue Univ, COAST Lab, W Lafayette, IN 47907 USA
Source
14TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE, PROCEEDINGS | 1998
Keywords
DOI
10.1109/CSAC.1998.738563
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812;
Abstract
The Intrusion Detection System architectures commonly used in commercial and research systems have a number of problems that limit their configurability, scalability or efficiency. The most common shortcoming in the existing architectures is that they are built around a single monolithic entity that does most of the data collection and processing. In this paper we review our architecture for a distributed Intrusion Detection System based on multiple independent entities working collectively. We call these entities Autonomous Agents. This approach solves some of the problems previously mentioned. We present the motivation and description of the approach, partial results obtained from an early prototype, a discussion of design and implementation issues, and directions for future work.
Pages: 13-24
Page count: 12