Title :
Agent-based distributed intrusion source identification
Author :
Wang, Hongjun ; Wang, Ruijun ; Wang, Cuirong ; Gao, Yuan
Author_Institution :
Sch. of Inf. Sci. & Eng., Northeastern Univ., Shenyang, China
Abstract :
Network-based intrusion has become a serious threat to networked information systems. Yet, the current network security mechanisms are passive in response to network-based intrusions. In order to hide their origins, intruders usually use incorrect or spoofed source IP addresses when breaking into targets. It is difficult to identify the real source of these network-based intrusions due to the nature of the IP protocol. This paper presents the design of a distributed intrusion source identification system (DISIS) based on agents. It is comprised of several agents of different types, which can be developed separately. The agents communicate with each other when they take their actions. DISIS can cooperate with any other intrusion detection system. This system can be installed in a router or in a dedicated device connected to a router. DISIS can trace single-source or multiple-source attacks on-line or off-line.
Keywords :
Internet; cooperative systems; security of data; telecommunication security; IP protocol; Internet; agent-based DISIS; agents interaction; distributed intrusion source identification system; information systems; multiple-source attack; network security mechanisms; network-based intrusion; single-source attack; Electronic mail; High-speed networks; IP networks; Information science; Information security; Information systems; Intrusion detection; Protocols; Telecommunication traffic; Testing;
Conference_Title :
Computer Networks and Mobile Computing, 2003. ICCNMC 2003. 2003 International Conference on
Print_ISBN :
0-7695-2033-2
DOI :
10.1109/ICCNMC.2003.1243066