Autonomous Protection Mechanism for Joint Networks in Coalition Operations

Any successful coalition cooperation requires efficient communication network connecting the coalition members. Protection of this joint network requires special techniques as it is highly dynamic, heterogenous and a joint network management team can not always be established. To address the requirements for joint network protection, we propose a design of a highly autonomous, adaptive and decentralized agent-based mechanism for network intrusion detection and self-protection. Detection process is based on correlation of anomalies in network traffic with simple alarms raised by host-based intrusion detection components, in order to achieve a low false positive rate. The self-protection mechanism features distributed, policy driven deployment of automatically generated filters. Our approach doesn´t require any direct operator oversight, but all components are subject to policies established by their owners to prevent undesirable behavior or system misuse. The whole approach is validated in a high-level network model with worm propagation scenario