Detecting coordinated distributed attacks using mobile agents with associated managers architecture


Bibliographic Details
Main Author: Javan, Ali
Format: Thesis
Language: English
Published: 2011
Subjects:
Online Access: http://psasir.upm.edu.my/id/eprint/42269/1/FK%202011%2078R.pdf
Description
Summary: Technological advances have led the modern world to a global network ecosystem. More complex threats, including coordinated distributed attacks, have flourished against the vital services and priceless resources stored on the omnipresent networks, compelling companies to resort to numerous security measures to defend against outsiders and even legitimate insiders of their networks. Attacks that have already penetrated the first shield of defense (i.e. the firewall) should be detected by automatic intrusion detection systems (IDS). Existing detection models, together with other Internet services, have suffered from common deficiencies historically inherited from the creation of networking and the Internet. Several models have been proposed which emphasized reducing these deficiencies in some aspect, though they introduced different drawbacks on the network. Distributed intrusion detection systems based on mobile agents have attracted the most attention due to their reliability and ability to recognize a variety of distributed attacks with minimum burden on available resources. In this thesis we have introduced a distributed architecture based on autonomous mobile agents that relies on an Associated Managers (AM) strategy. Associated Managers in charge of managing distinct virtual territories in a large network may remove the single point of failure, improve the performance and decrease the overhead load imposed by a distributed IDS architecture on the network. Unlike existing proposed distributed mobile agent IDS, the AM architecture has led to a more stable and reliable IDS with less severe bottlenecks. In this thesis the design and implementation of a simulated AM using the JADE (Java Agent DEvelopment framework) framework are presented in detail. The performance of the AM architecture when facing coordinated distributed attacks in different phases is presented.
Comparisons are made with a proposed distributed IDS architecture based on mobile agents from the literature. Upon designing and developing a simulation test bed, an evaluation strategy based on simulated coordinated attacks is devised to clearly illustrate the performance of each architecture. Various aspects critical for a distributed IDS in detecting coordinated attacks are thoroughly assessed, and the advantages of AM over the other architecture are presented. The results indicate that, in comparison with the other mobile agent based model, the performance of AM in terms of time of detection and bandwidth usage is less affected by the number of infected hosts, the correlation method and the correlation time. As such, AM could finish the detection faster while consuming less bandwidth in the case of wide-spread distributed attacks. The performance of AM is more stable as the number of overwhelmed hosts in the network increases. Overall, using the AM model is beneficial for detecting coordinated distributed attacks and improves the performance of detection in every phase of a coordinated distributed attack.