Autonomous Agents for Distributed Intrusion Detection in a Multi-Host Environment

Abstract

Because computer security in today's networks is one of the fastest-expanding areas of the computer industry, protecting resources from intruders is an arduous task that must be automated to be efficient and responsive. Most intrusion-detection systems currently rely on some type of centralized processing to analyze the data necessary to detect an intruder in real time. A centralized approach can be vulnerable to attack. If an intruder can disable the central detection system, then most, if not all, protection is subverted. The research presented here demonstrates that independent detection agents can be run in a distributed fashion, each operating mostly independently of the others, yet cooperating and communicating to provide a truly distributed detection mechanism without a single point of failure. The agents can run along with user and system software without noticeable consumption of system resources, and without generating an overwhelming amount of network traffic during an attack.

Document Details

Document Type
Technical Report
Publication Date
Sep 01, 1999
Accession Number
ADA369795

Entities

People

  • Dennis J. Ingram

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Autonomy
  • Cyber
  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Autonomous Agents
  • Computer Networks
  • Computer Programming
  • Computer Science
  • Computers
  • Cybersecurity
  • Debugging
  • Denial Of Service Attack
  • Detection
  • Detectors
  • Information Security
  • Intrusion
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Network Protocols
  • Operating Systems

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Parallel and Distributed Computing
  • Systems Analysis and Design

Technology Areas

  • Cyber