Agent-based distributed intrusion source identification

Author

Wang, Hongjun ; Wang, Ruijun ; Wang, Cuirong ; Gao, Yuan

Author_Institution

Sch. of Inf. Sci. & Eng., Northeastern Univ., Shenyang, China

fYear

2003

fDate

20-23 Oct. 2003

Firstpage

341

Lastpage

344

Abstract

Network-based intrusion has become a serious threat to networked information systems. Yet, the current network security mechanisms are passive in response to network-based intrusions. In order to hide their origins, intruders usually use incorrect or spoofed source IP addresses breaking into targets. It is difficult to identify the real source of these network-based intrusions due to the nature of the IP protocol. This paper presents the design of distributed intrusion source identification system (DISIS) based on agents. It is comprised of several agents of different types, which can be developed respectively. The agents communicate with each other when they take their actions. DISIS can cooperate with any other intrusion detection system. This system can be installed in router or a dedicated device connected to router. DISIS can trace single source attack or multiple sources attack on-line or off-line.

Keywords

Internet; cooperative systems; security of data; telecommunication security; IP protocol; Internet; agent-based DISIS; agents interaction; distributed intrusion source identification system; information systems; multiple-source attack; network security mechanisms; network-based intrusion; single-source attack; Electronic mail; High-speed networks; IP networks; Information science; Information security; Information systems; Intrusion detection; Protocols; Telecommunication traffic; Testing;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Networks and Mobile Computing, 2003. ICCNMC 2003. 2003 International Conference on

Print_ISBN

0-7695-2033-2

Type

conf

DOI

10.1109/ICCNMC.2003.1243066

Filename

1243066