Mobile Agents for Intrusion Detection Jaromy Ward.


1 Mobile Agents for Intrusion Detection
Jaromy Ward

2 Mobile Agents?
What is a mobile agent?
– Autonomous
– Moves on its own to another machine
– Platform / Agent
– Duplicative (can clone itself)
– Adaptable


4 Traditional IDS
Hierarchical
– Intrusion detection at end nodes
– Aggregate nodes take data from end nodes
– Command and control at top of hierarchy
– IDS reports possible intrusions to a human
The user must then make a decision:
– Is this a real threat?
– What action should be taken?

5 Problems with Traditional IDS
Lack of Efficiency
High Number of False Positives
Burdensome Maintenance
Limited Flexibility
Vulnerable to Direct Attack
Vulnerable to Deception
Limited Response Capability
No Generic Building Methodology

6 Problems with Traditional IDS
Lack of Efficiency
– Amount of data
– Host-based IDS
  Slows down performance of the system
– Network-based IDS
  Cannot process all network traffic
High Number of False Positives
– IDSs still raise too many false alarms that an intrusion has taken place.
– Also, some attacks still go unnoticed.

7 Problems with Traditional IDS
Burdensome Maintenance
– Maintaining an IDS requires knowledge of rule sets, which differ from system to system.
Limited Flexibility
– IDSs are written for specific environments
– Not easily ported to different systems
– Upgrading requires shutting down the IDS

8 Problems with Traditional IDS
Vulnerable to Attack
– Levels of compromise
  Root level: worst case
  Aggregation level: next worst case
  End node level: not too bad
– Lack of redundancy
– Lack of mobility
– Lack of dynamic recovery

9 Problems with Traditional IDS
Vulnerable to Deception
– Network-based IDSs use a generic network protocol stack for analysis
– An attacker could use this to deceive the IDS into treating a packet as good when in fact it is not
Limited Response Capability
– Delay of response
  Human response time
  Distance between end node and controller

10 Advantages of Mobile Agents
Reduce Network Load
Overcoming Network Latency
Autonomous Execution
Platform Independence
Dynamic Adaptation
Static Adaptation
Scalability
Fault Tolerance
Redundancy

11 Advantages
Reduce Network Load
– Computation moved closer to affected nodes
– Reduction in data to be moved
Overcoming Network Latency
– More immediate response times
– Closer to end nodes
Autonomous Execution
– Communication with other MAs
– Cloning of MAs
– No need for a central authority to take action

12 Advantages
Platform Independence
– Run on any operating system
– Only need to write code for the agent platform, not the OS
Dynamic Adaptation
– Reactions based on previous intrusions
– Learn to avoid or move towards areas
– Cloning for added protection

13 Advantages
Static Adaptation
– Upgrades only require introducing a new agent
– Old mobile agents removed later
Scalability
– Introduction of more mobile agents
Fault Tolerance
– Moves encrypted through the network with the data it may need

14 Advantages
Redundancy
– Central point of failure removed
– Harder to locate MAs as they are always moving
– Keep in contact with other MAs
  Determine state of network
  Help other MAs, produce clones

15 Disadvantages of MAs
Security
– Need for PKI
– Platforms need to ensure the MA is not harmful
  Signed by trusted authority
  Encrypted with public key
Code Size
– IDS is complicated
– Minimize agent size
  Function
  Platform provides OS-dependent operations
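The "signed by trusted authority" check from the slide above, as an added example that is not code from the presentation or from any real agent platform: the platform pins the public keys of the authorities it trusts and refuses an arriving agent whose code is unsigned, tampered with, or signed by an unknown key. It uses Go's standard-library Ed25519 (a constructed bundle format; the encryption step the slide also lists is not shown).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// AgentBundle is what an arriving agent hands to the platform: its code plus a
// detached signature from the authority that released it (constructed format).
type AgentBundle struct {
	Name, SignerID  string
	Code, Signature []byte
}

// Platform pins the public keys of the authorities it trusts.
type Platform struct{ Trusted map[string]ed25519.PublicKey }

// digest binds the agent's name to its code, so a valid signature cannot be
// transplanted onto a differently named agent carrying the same code.
func digest(name string, code []byte) []byte {
	h := sha256.New()
	h.Write([]byte(name))
	h.Write([]byte{0}) // separator between name and code
	h.Write(code)
	return h.Sum(nil)
}

// Sign is the trusted authority's step before an agent is released.
func Sign(priv ed25519.PrivateKey, signerID, name string, code []byte) AgentBundle {
	return AgentBundle{name, signerID, code, ed25519.Sign(priv, digest(name, code))}
}

// Admit is the platform's check on arrival: an unknown signer, or a signature
// that does not match the code, means the agent is refused before it runs.
func (p Platform) Admit(b AgentBundle) error {
	pub, ok := p.Trusted[b.SignerID]
	if !ok {
		return errors.New("untrusted signer: " + b.SignerID)
	}
	if !ed25519.Verify(pub, digest(b.Name, b.Code), b.Signature) {
		return errors.New("signature does not match agent code")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	p := Platform{Trusted: map[string]ed25519.PublicKey{"ids-authority": pub}}
	agent := Sign(priv, "ids-authority", "data-collector", []byte("collect auth logs"))
	agent.Code = append(agent.Code, '!') // modified in transit
	fmt.Println("tampered agent:", p.Admit(agent))
}
```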

16 Disadvantages
Performance
– Language used: interpretive / script
– New Java VM developed to help save state information of the MA.

17 Intrusion Responses
Dynamically modify or shutdown Target
Automated Tracing of Attackers
Automated Evidence Gathering
Operations on an Attacker's Host
Isolating the Attacker/Target
Operations on Attacker and Target Subnet

18 Intrusion Responses
Dynamically modify or shutdown Target
– Shut down compromised target
– Gather more information from target
Automated Tracing of Attackers
– Follow trail of intruder
Automated Evidence Gathering
– Mobile agents move to area of attack
– Determine what collection is necessary

19 Intrusion Responses
Operations on an Attacker's Host
– Limit operations of attacker
Isolating the Attacker/Target
– Prevent network traffic from attacker/target
Operations on Attacker and Target Subnet
– Deploy multiple agents to flood systems

20 Implementations
Mobile agents deployed in a hierarchy
Composed of three types of agents
– Data Collectors
  Collect specific data
  Minor processing of data
– Detection Agents
  Detect intrusions
  Trace intrusions
– Manager Agents
  Oversee data collectors and detection agents

21 Conclusion
Still under development
Shows great promise
Wireless networks could use mobile agent protection.
For more information visit http://csrc.nist.gov/mobilesecurity/
