DocumentCode :
2918726
Title :
Security Event Management System based on Mobile Agent Technology
Author :
Jingxin, Wang ; Zhiying, Wang ; Daikui
Author_Institution :
Nat. Univ. of Defense Technol., Changsha
fYear :
2007
fDate :
23-24 May 2007
Firstpage :
166
Lastpage :
171
Abstract :
Current information security prevention systems have some disadvantages, such as the singleness of the data source, the imperfectness of the architecture and the absence of alert information post-processing. To address these, we present a framework for security event management based on mobile agent technology. In the framework, various agents are designed for different functions and roles, and these agents can communicate and collaborate securely. By virtue of the autonomy, mobility, inferential capability and social ability of the mobile agent, the numerous security events which may appear at many locations in the network can be efficiently detected and verified by the sensor agent and the verification agent. Furthermore, the correlation agent can correlate the purified security events globally based on the temporal, causal, spatial and statistical relations among them. We select Aglet as the platform and develop a security event management system (SEMS). Finally, through some multi-step attack scenarios, the effectiveness and the advantages of the mobile agent technology used for security event management have been verified.
Keywords :
mobile agents; security of data; causal relation; correlation agent; information security prevention system; mobile agent technology; multistep attack scenario; security event management system; sensor agent; spatial relation; statistical relation; temporal relation; verification agent; Availability; Collaboration; Data security; Design optimization; Event detection; Information security; Intrusion detection; Mobile agents; Statistics; Technology management; mobile agent; security event; security event correlation; security event management system (SEMS);
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Intelligence and Security Informatics, 2007 IEEE
Conference_Location :
New Brunswick, NJ
Electronic_ISBN :
1-4244-1329-X
Type :
conf
DOI :
10.1109/ISI.2007.379550
Filename :
4258691