Title :
An ontology-based multiagent approach to outbound intrusion detection
Author :
Mandujano, Salvador ; Galván, Arturo ; Nolazco, Juan A.
Author_Institution :
Inst. Tecnologico y de Estudios Superiores de Monterrey, Mexico
Abstract :
Summary form only given. The advantages of using knowledge representation and management techniques in information security have already been identified by some researchers; however, little has been done to enable security technologies with them. We present an ontology-based multiagent architecture that implements outbound intrusion detection, a monitoring approach that aims at guaranteeing that local systems are not used to compromise others. The specific goal is to identify automated attack tools, which constitute a public, unexplored repository of software security information. An attacker-centric ontology supports the architecture. Agents organized into teams execute on trusted sub-environments called cells, which are in turn organized non-hierarchically. Cells perform two independent misuse detection strategies whose output is further correlated to provide a third, more accurate diagnosis. Ontology and signature updates are deployed over the Internet as a way to speed up incident response.
Keywords :
Internet; multi-agent systems; ontologies (artificial intelligence); security of data; Internet; attacker-centric ontology; automated attack tools; information security; knowledge representation; misuse detection; ontology-based multiagent approach; outbound intrusion detection; signature updates; software security information; Computer architecture; Information management; Information security; Intrusion detection; Knowledge management; Knowledge representation; Monitoring; Ontologies; Software tools; Technology management;
Conference_Titel :
Computer Systems and Applications, 2005. The 3rd ACS/IEEE International Conference on
Print_ISBN :
0-7803-8735-X
DOI :
10.1109/AICCSA.2005.1387085