Authors : M. Zaki and Dr. Tarek S. Sobh
Abstract: Active security has recently emerged as a hot area of research and development. It is mainly concerned with performing one or more security functions when a host in a communication network is subject to an attack. Such security functions include appropriate actions against attackers. To properly afford active security actions a set of software subsystems should be integrated together so that they can automatically detect and appropriately address any vulnerability in the underlying network.The aim of this work is to present a multi-agent model for implementing active security concepts. In this model, a group of static and mobile agents can carry out their tasks cooperatively to achieve their ultimate security goals. Thus, a low-level module of the proposed model reads the values of interesting data items that specify the current network events and passes them to a database. Matching these values with a predefined intruder signature can indicate a particular attack.On the basis of the proposed model a multi-agent system has been designed for taking a rapid active response against attackers. The agents of that system at different nodes are able to: (1) Detect local vulnerabilities. (2)Communicate together using an Agent Communication Language. (3) Share the attack Knowledge between them. (4)Reconfigure the attacked subnetworks. The system implementation has indicated its applicability, characteristics, and limitations.
M. Zaki and Dr. Tarek S. Sobh , 2004. Design of an Active Security Multi-Agent Intrusion Detection System . Asian Journal of Information Technology, 3: 1-10.