Multi-agent system for security auditing and worm containment in metropolitan area networks

Xiantai Gou, Wei-dong Jin
Proceedings Autonomous Decentralized Systems, 2005. ISADS 2005. Published 2005-04-04. DOI: 10.1109/ISADS.2005.1452052 (https://doi.org/10.1109/ISADS.2005.1452052)
Citations: 2

Abstract

Security auditing and worm containment are used to guarantee network security in metropolitan area networks (MANs). A multi-agent system for security auditing and worm containment in MAN (MSAWCM) is presented to audit users' accesses and provide a first-class automatic reaction mechanism that automatically applies containment strategies to prevent clean hosts from being infected by blocking the propagation of worms. MSAWCM uses the broadband access server (BAS) as an information-gathering agent that uses a hardware packet filter (HPF) to get packets from the MAN. It adaptively studies and audits access across the whole network and dynamically changes its working parameters to detect unknown worms. MSAWCM integrates a worm detection system (WDS) and a network management system (NMS). Reaction measures can be taken by using the SNMP interface to control the BAS as soon as the WDS detects an active worm. MSAWCM is very effective in blocking random-scanning worms, which are very noisy and tend to waste a lot of network bandwidth and crash routers. Simulation results indicate that a high worm infection rate can be avoided to a degree by MSAWCM blocking the propagation of the worms.