Mobile Agents for Intrusion Detection Jaromy Ward.


Mobile Agents?
What is a mobile agent?
– Autonomous
– Move on own to another machine
– Platform / Agent
– Duplicative
– Adaptable

Traditional IDS
Hierarchical
– Intrusion detection at end nodes
– Aggregate nodes take data from end nodes
– Command and control at top of hierarchy
– IDS reports possible intrusions to human
The user must then make a decision
– Is this a real threat
– What action should be taken

Problems with Traditional IDS
Lack of Efficiency
High Number of False Positives
Burdensome Maintenance
Limited Flexibility
Vulnerable to Direct Attack
Vulnerable to Deception
Limited Response Capability
No Generic Building Methodology

Problems with Traditional IDS
Lack of Efficiency
– Amount of data
– Host-based IDS
  – Slows down performance of system
– Network-based IDS
  – Cannot process all network traffic
High Number of False Positives
– IDSs still raise too many false alarms that an intrusion has taken place.
– Also, some attacks still go unnoticed.

Problems with Traditional IDS
Burdensome Maintenance
– The maintenance of an IDS requires knowledge of rule sets, which differ from system to system.
Limited Flexibility
– IDSs are written for a specific environment
– Not easily ported to different systems
– Upgrade requires shutting down IDS

Problems with Traditional IDS
Vulnerable to Attack
– Levels of compromise
  – Root level – worst case
  – Aggregation level – next worse case
  – End node level – not too bad
– Lack of redundancy
– Lack of mobility
– Lack of dynamic recovery

Problems with Traditional IDS
Vulnerable to Deception
– Network-based IDSs use a generic network protocol stack for analysis
– An attacker could use this to deceive the IDS into treating a packet as good when in fact it is not
Limited Response Capability
– Delay of response
  – Human response time
  – Distance from end node and controller

Advantages of Mobile Agents
Reduce Network Load
Overcoming Network Latency
Autonomous Execution
Platform Independence
Dynamic Adaptation
Static Adaptation
Scalability
Fault Tolerance
Redundancy

Advantages
Reduce Network Load
– Computation moved closer to affected nodes
– Reduction in data to be moved
Overcoming Network Latency
– More immediate response times
– Closer to end nodes
Autonomous Execution
– Communication with other MAs
– Cloning of MAs
– No need for central authority to take action

Advantages
Platform Independence
– Run on any operating system
– Only need to write code to run on platform, not OS
Dynamic Adaptation
– Reactions based on previous intrusions
– Learn to avoid or move towards areas
– Cloning for added protection

Advantages
Static Adaptation
– Upgrades only require introducing new agent
– Old mobile agents removed later
Scalability
– Introduction of more mobile agents
Fault Tolerance
– Moves encrypted in the network with data it may need

Advantages
Redundancy
– Central point of failure removed
– Harder to locate MA as they are always moving
– Keep in contact with other MAs
  – Determine state of network
  – Help other MA, produce clone

Disadvantages of MAs
Security
– Need for PKI
– Platforms need to ensure MA is not harmful
  – Signed by trusted authority
  – Encrypted with public key
Code Size
– IDS is complicated
– Minimize agent size
  – Function
  – Platform provides OS-dependent operations

Disadvantages
Performance
– Language used
  – Interpretive
  – Script
– New Java VM developed to help save state information of MA.

Intrusion Responses
Dynamically modify or shut down Target
Automated Tracing of Attackers
Automated Evidence Gathering
Operations on an Attacker’s Host
Isolating the Attacker/Target
Operations on Attacker and Target Subnet

Intrusion Responses
Dynamically modify or shut down Target
– Shut down compromised target
– Gather more information from target
Automated Tracing of Attackers
– Follow trail of intruder
Automated Evidence Gathering
– Mobile agents move to area of attack
– Determine what collection is necessary

Intrusion Responses
Operations on an Attacker’s Host
– Limit operations of attacker
Isolating the Attacker/Target
– Prevent network traffic from attacker/target
Operations on Attacker and Target Subnet
– Deploy multiple agents to flood systems

Implementations
Mobile agents deployed in hierarchy
Composed of three types of agents
– Data Collectors
  – Collect specific data
  – Minor processing of data
– Detection Agents
  – Detect intrusions
  – Trace intrusions
– Manager Agents
  – Oversee Data Collectors and Detection Agents
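
Added example (not part of the original slides): a single-process Python sketch of the three agent roles, showing why a detection agent that carries its state from host to host catches a source that stays under the threshold on every individual host. All class names, host names, log lines and the threshold are constructed for illustration; agent migration is simulated by a loop rather than real code mobility.

```python
from collections import Counter

# Constructed sample data: raw auth log lines that stay local to each host.
HOST_LOGS = {
    "host-a": ["FAIL login user=root src=203.0.113.7",
               "OK login user=alice src=198.51.100.4",
               "FAIL login user=admin src=203.0.113.7"],
    "host-b": ["FAIL login user=root src=203.0.113.7",
               "FAIL login user=bob src=198.51.100.9"],
    "host-c": ["OK login user=carol src=198.51.100.4",
               "FAIL login user=root src=203.0.113.7"],
}

class DataCollector:
    """Runs on one host; minor processing so only a small summary is handed over."""
    def __init__(self, host):
        self.host = host

    def collect(self):
        fails = Counter()
        for line in HOST_LOGS[self.host]:
            status, _, _, src = line.split()
            if status == "FAIL":
                fails[src.split("=", 1)[1]] += 1
        return fails  # failed logins per source address on this host only

class DetectionAgent:
    """Visits hosts in turn, carrying its running totals (its state) along."""
    def __init__(self, threshold):
        self.threshold = threshold
        self.seen = Counter()
        self.itinerary = []

    def visit(self, host):
        self.itinerary.append(host)
        self.seen.update(DataCollector(host).collect())

    def alerts(self):
        return sorted(s for s, n in self.seen.items() if n >= self.threshold)

class ManagerAgent:
    """Oversees collectors and detection agents: dispatches, then gathers alerts."""
    def run(self, hosts, threshold=3):
        agent = DetectionAgent(threshold)
        for host in hosts:  # stand-in for the agent migrating between platforms
            agent.visit(host)
        return {"alerts": agent.alerts(), "visited": agent.itinerary}
```

With the constructed logs, no host on its own sees three failures from one source, but the totals the agent carries across all three hosts do.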

Conclusion
Still under development
Show great promise
Wireless networks could use Mobile agent protection.
For more information visit
