Multi-agent based security auditing system of broadband man

Abstract

Normally, security auditing is quite common in low bandwidth network, especially in 100M/IOM Ethernet. It is difficult to accomplish security auditing in broadband metropolitan area network (MAN) with Gigabit Ethernet or 2.5 GPOS (OC48) as its convergence layer backbone. This paper presents the Multi-agent based security auditing system of broadband MAN (MASASM) to resolve the problem. The key for auditing in MAN is how to get packets from MAN and how to overcome the processing of huge information. The usual ways of getting packets from network such as BSD Packet Filter (BPF) and tcpdump are not suitable for auditing in MAN at all. MASASM uses Broadband Access Server (BAS) of MAN as Information Gathering Agent that uses Hardware Packet Filter (HPF) io get packet from MAN. HPF has better process abilie than BPF and tcpdump. MASASM uses distributed multi-agent to share the task of auditing for whole MAN. To make the least influence on the performance of Information Gathering Agent, a new mechanism of routing and forwarding is given to modify the traditional "route once, switch many" to the "audit once, pass many" in BAS. The auditing system has been implemented in our experimental convergence layer routing switch that can be used as a BAS, and shows goad performance in test.