Intrusion detection using autonomous agents

Spafford, Eugene H.; Zamboni, Diego

doi:10.1016/s1389-1286(00)00136-5

Cited by 260 publications

(128 citation statements)

References 8 publications

Supporting

Mentioning

126

Contrasting

Unclassified

Order By: Relevance

“…An intrusion detection system (IDS) was introduced into the smart grid preventing the attacks against AMI in smart grid [15] - [18]. Different attacks against AMI are analyzed, which should be timely detected.…”

Section: B Active Defensementioning

confidence: 99%

Advanced Metering Infrastructure Security Issues and its Solution: A Review

XU¹

2015

IJIRCCE

View full text Add to dashboard Cite

Advanced metering infrastructure (AMI) is the core component in smart grid. Moreover, two-way communication between the user and the power utility is realized through AMI. Composition of AMI is described. AMI security requirements are illustrated. The threats on the smart meters, communications network, and data collector are analyzed, respectively. Passive and active defenses are investigated. For the passive defense, the traditional encryption technology has low key transportation security, while the public key infrastructure (PKI) used in the whole smart grid has high cost and long computation time and current ID-based authentication mechanism does not offer mutual authentication between smart meter and smart device. When intrusion detection system (IDS) is deployed on AMI key nodes, it is possible to meet the cost effectiveness and computational efficiency and to make up for the passive security policy.

show abstract

Section: B Active Defensementioning

confidence: 99%

Advanced Metering Infrastructure Security Issues and its Solution: A Review

XU¹

2015

IJIRCCE

View full text Add to dashboard Cite

show abstract

“…Early examples of these systems are [20], [17], [26], and [21]. A starting point for DIDSs is the collaboration between Lawrence Livermore National Labs, U.S. Air Force and other organizations [20].…”

Section: Related Workmentioning

confidence: 99%

“…By using both models, the system prioritizes which network events to monitor. AAFID [21] is a distributed framework based on software agents to collect and analyze data and used as a platform to develop intrusion detection techniques. An interesting policy-based proposal based on the popular Bro IDS [15] was presented in [6], using intrusion detection sensors in a distributed, collaborative manner.…”

Section: Related Workmentioning

confidence: 99%

Secure Configuration of Intrusion Detection Sensors for Changing Enterprise Systems

Modelo-Howard

Sweval

Bagchi

2012

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

View full text Add to dashboard Cite

Abstract. Current attacks to distributed systems involve multiple steps, due to attackers usually taking multiple actions to achieve their goals. Such attacks are called multi-stage attacks and have the ultimate goal to compromise a critical asset for the victim. An example would be compromising a web server, then achieve a series of intermediary steps (such as compromising a developer's box thanks to a vulnerable PHP module and connecting to a FTP server with gained credentials) to ultimately connect to a database where user credentials are stored. Current detection systems are not capable of analyzing the multi-step attack scenario. In this document we present a distributed detection framework based on a probabilistic reasoning engine that communicates to detection sensors and can achieve two goals: (1) protect the critical asset by detecting multi-stage attacks and (2) tune sensors according to the changing environment of the distributed system monitored by the distributed framework. As shown in the experiments, the framework reduces the number of false positives that it would otherwise report if it were only considering alerts from a single detector and the reconfiguration of sensors allows the framework to detect attacks that take advantage of the changing system environment.

show abstract

“…In these propositions the audit of data collected is done in several points of the network and the analysis is executed by a central location. With CSM [9] and AAFID [10], the usage of distributed analysis agents is very relative.…”

Section: Related Workmentioning

confidence: 99%

A Peer-to-Peer Architecture to collaboratively Propagate and Traceback DDoS Attack information using DST

Selvam¹,

Vinayagam²,

Kumar³

et al. 2010

IJCA

View full text Add to dashboard Cite

Distributed Denial of Service attacks has become prevalent in the context of ever growing Internet. Numerous attacks have taken place in the past and numerous solutions have been suggested. Intrusion detection and filtering are necessary mechanisms to combat against these attacks and secure networks. However, the existing detection techniques for DDoS attacks have their entities work in isolation. In this paper, we propose an efficient and distributed collaborative architecture that allows the placement and the cooperation of the defense entities to better address the main security challenges. The use of Distributed Spanning Trees (DST) algorithm controls the damage caused by Distributed Denial of Service attacks by using propagation and traceback mechanism. Simulations show that DST-based tracing behave better than randomly generated graphs and trees as it generates less messages to query all computers while avoiding the tree bottlenecks. General TermsPeer-to-Peer Network, Security.

show abstract

Intrusion detection using autonomous agents

Cited by 260 publications

References 8 publications

Advanced Metering Infrastructure Security Issues and its Solution: A Review

Advanced Metering Infrastructure Security Issues and its Solution: A Review

Secure Configuration of Intrusion Detection Sensors for Changing Enterprise Systems

A Peer-to-Peer Architecture to collaboratively Propagate and Traceback DDoS Attack information using DST

Contact Info

Product

Resources

About