Autonomous Agents for Distributed Intrusion Detection in a Multi-Host Environment

Active / Technical Report | Accession Number: ADA369795

Abstract:

Because computer security in today's networks is one of the fastest expanding areas of the computer industry, protecting resources from intruders is an arduous task that must be automated to be efficient and responsive. Most intrusion-detection systems currently rely on some type of centralized processing to analyze the data necessary to detect an intruder in real time. A centralized approach can be vulnerable to attack. If an intruder can disable the central detection system, then most, if not all, protection is subverted. The research presented here demonstrates that independent detection agents can be run in a distributed fashion, each operating mostly independent of the others, yet cooperating and communicating to provide a truly distributed detection mechanism without a single point of failure. The agents can run along with user and system software without noticeable consumption of system resources, and without generating an overwhelming amount of network traffic during an attack.

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:
Approved For Public Release

RECORD

Collection: TR