A Multi-Agents Based Effective Response System for Intrusion
- Received Date: 2003-01-02
- Publish Date: 2004-08-15
Key words:
- intrusion detection and response
- multi-agent system
- effective response
- information security
Abstract: A flexible intrusion detection and response (ID&R) system needs to maximize security while minimizing cost and responding automatically. This paper proposes CI2D&R, a cost-based intelligent intrusion detection and response system built on multiple agents, which was originally developed as a facility to deal with network-based attacks and to respond effectively, automatically, and intelligently. A networking environment deployed with CI2D&R consists of two major parts: Guard, which runs on a specific guarded host (GH), and Spy, which runs in the guarded network (GN). The components of CI2D&R are introduced, including intrusion detection, attack classification, damage analysis, attack path rebuilding, automatic safeguarding of resources, disaster recovery, and security management. The several kinds of data flow in CI2D&R are also discussed. Although CI2D&R is only a prototype, some special safety considerations for agents are also addressed.
Citation: Zhou Shijie, Qin Zhiguang, Zhang Feng, Zhang Xianfeng, Liu Jinde. A Multi-Agents Based Effective Response System for Intrusion[J]. Journal of University of Electronic Science and Technology of China, 2004, 33(4): 419-422.