Title :
A Security Decision-Reaction Architecture for Heterogeneous Distributed Network
Author :
Feltus, Christophe ; Khadraoui, Djamel ; Aubert, Jocelyn
Author_Institution :
Centre for IT Innovation, Public Res. Centre Henri Tudor, Luxembourg, Luxembourg
Abstract :
The main objective of this paper is to provide a global decision-reaction architecture built on the requirements for a reaction after alert detection mechanisms in the frame of information systems security, applied more particularly to telecom infrastructure security. These infrastructures are distributed in nature; the architecture is therefore elaborated using a multi-agent system, which provides the advantages of autonomy and interaction facilities, and has been associated with the ontoBayes model as a decision support mechanism. This model helps agents to make decisions according to preference values and is built upon ontology-based knowledge sharing, Bayesian-network-based uncertainty management and influence-diagram-based decision support. The Multi-Agent System decision-reaction architecture is developed in a distributed perspective and is composed of three basic layers: low level, intermediate level and high level. The proposed approach has been illustrated based on the network architecture for heterogeneous mobile computing developed by the BARWAN project. Accordingly, the Building Area constitutes the low level and aims to be the interface between the main architecture and the targeted infrastructure. The Campus-Area is the intermediate level, responsible for correlating the alerts coming from different domains of the infrastructure and for smartly deploying the reaction actions.
Keywords :
belief networks; computer network security; decision support systems; information networks; mobile computing; multi-agent systems; uncertainty handling; BARWAN project; alert detection mechanisms; bayesian networks based uncertainty management; decision support mechanism; heterogeneous distributed network; heterogeneous mobile computing; influence diagram based decision support; information systems security; multiagents system; ontoBayes model; ontology based knowledge sharing; security decision reaction architecture; telecom infrastructures security; Bayesian methods; Computer architecture; Computer network management; Information security; Information systems; Knowledge management; Multiagent systems; Ontologies; Telecommunications; Uncertainty; bayesian network; decision system; distributed network; multi agent system; reaction; security;
Conference_Title :
Availability, Reliability, and Security, 2010. ARES '10 International Conference on
Conference_Location :
Krakow
Print_ISBN :
978-1-4244-5879-0
DOI :
10.1109/ARES.2010.57