ANATOMY OF A SECURE AND SCALABLE MULTIAGENT SYSTEM FOR EVENT CAPTURE AND CORRELATION

Timothy Nix, Kenneth Fritzsche, Fernando Maymi

Abstract

Event monitoring and correlation across a large network is inherently difficult because processing capacity is limited relative to the huge quantity of generated data. Multiagent systems allow events to be processed locally, with certain events or aggregate statistics reported to centralized data stores for further processing and correlation by other agents. This paper presents a framework for a secure and scalable multiagent system for distributed event capture and correlation. We examine the requirements for implementing a generic multiagent system from the abstract view of the framework itself and propose an architecture that meets these requirements. We then describe some possible applications of the multiagent network within the described framework.



Paper Citation


in Harvard Style

Nix T., Fritzsche K. and Maymi F. (2005). ANATOMY OF A SECURE AND SCALABLE MULTIAGENT SYSTEM FOR EVENT CAPTURE AND CORRELATION. In Proceedings of the Seventh International Conference on Enterprise Information Systems - Volume 2: ICEIS, ISBN 972-8865-19-8, pages 233-238. DOI: 10.5220/0002533602330238


in Bibtex Style

@conference{iceis05,
author={Timothy Nix and Kenneth Fritzsche and Fernando Maymi},
title={ANATOMY OF A SECURE AND SCALABLE MULTIAGENT SYSTEM FOR EVENT CAPTURE AND CORRELATION},
booktitle={Proceedings of the Seventh International Conference on Enterprise Information Systems - Volume 2: ICEIS},
year={2005},
pages={233-238},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002533602330238},
isbn={972-8865-19-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Seventh International Conference on Enterprise Information Systems - Volume 2: ICEIS
TI - ANATOMY OF A SECURE AND SCALABLE MULTIAGENT SYSTEM FOR EVENT CAPTURE AND CORRELATION
SN - 972-8865-19-8
AU - Nix T.
AU - Fritzsche K.
AU - Maymi F.
PY - 2005
SP - 233
EP - 238
DO - 10.5220/0002533602330238