基于多智能体的宽带城域网安全审计系统

2004 International Conference on Intelligent Mechatronics and Automation, 2004. Proceedings. Pub Date : 2004-08-26 DOI:10.1109/ICIMA.2004.1384335

Xiantai Gou, Wei-dong Jin, Gexiang Zhang

{"title":"基于多智能体的宽带城域网安全审计系统","authors":"Xiantai Gou, Wei-dong Jin, Gexiang Zhang","doi":"10.1109/ICIMA.2004.1384335","DOIUrl":null,"url":null,"abstract":"Normally, security auditing is quite common in low bandwidth network, especially in 100M/IOM Ethernet. It is difficult to accomplish security auditing in broadband metropolitan area network (MAN) with Gigabit Ethernet or 2.5 GPOS (OC48) as its convergence layer backbone. This paper presents the Multi-agent based security auditing system of broadband MAN (MASASM) to resolve the problem. The key for auditing in MAN is how to get packets from MAN and how to overcome the processing of huge information. The usual ways of getting packets from network such as BSD Packet Filter (BPF) and tcpdump are not suitable for auditing in MAN at all. MASASM uses Broadband Access Server (BAS) of MAN as Information Gathering Agent that uses Hardware Packet Filter (HPF) io get packet from MAN. HPF has better process abilie than BPF and tcpdump. MASASM uses distributed multi-agent to share the task of auditing for whole MAN. To make the least influence on the performance of Information Gathering Agent, a new mechanism of routing and forwarding is given to modify the traditional \"route once, switch many\" to the \"audit once, pass many\" in BAS. The auditing system has been implemented in our experimental convergence layer routing switch that can be used as a BAS, and shows goad performance in test.","PeriodicalId":375056,"journal":{"name":"2004 International Conference on Intelligent Mechatronics and Automation, 2004. Proceedings.","volume":"56 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2004-08-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Multi-agent based security auditing system of broadband man\",\"authors\":\"Xiantai Gou, Wei-dong Jin, Gexiang Zhang\",\"doi\":\"10.1109/ICIMA.2004.1384335\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Normally, security auditing is quite common in low bandwidth network, especially in 100M/IOM Ethernet. It is difficult to accomplish security auditing in broadband metropolitan area network (MAN) with Gigabit Ethernet or 2.5 GPOS (OC48) as its convergence layer backbone. This paper presents the Multi-agent based security auditing system of broadband MAN (MASASM) to resolve the problem. The key for auditing in MAN is how to get packets from MAN and how to overcome the processing of huge information. The usual ways of getting packets from network such as BSD Packet Filter (BPF) and tcpdump are not suitable for auditing in MAN at all. MASASM uses Broadband Access Server (BAS) of MAN as Information Gathering Agent that uses Hardware Packet Filter (HPF) io get packet from MAN. HPF has better process abilie than BPF and tcpdump. MASASM uses distributed multi-agent to share the task of auditing for whole MAN. To make the least influence on the performance of Information Gathering Agent, a new mechanism of routing and forwarding is given to modify the traditional \\\"route once, switch many\\\" to the \\\"audit once, pass many\\\" in BAS. The auditing system has been implemented in our experimental convergence layer routing switch that can be used as a BAS, and shows goad performance in test.\",\"PeriodicalId\":375056,\"journal\":{\"name\":\"2004 International Conference on Intelligent Mechatronics and Automation, 2004. Proceedings.\",\"volume\":\"56 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2004-08-26\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2004 International Conference on Intelligent Mechatronics and Automation, 2004. Proceedings.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICIMA.2004.1384335\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2004 International Conference on Intelligent Mechatronics and Automation, 2004. Proceedings.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICIMA.2004.1384335","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

摘要

通常情况下，安全审计在低带宽网络中非常常见，特别是在100M/IOM以太网中。在以千兆以太网或2.5 GPOS (OC48)作为汇聚层骨干的宽带城域网(MAN)中，很难完成安全审计。为了解决这一问题，本文提出了基于多智能体的宽带城域网安全审计系统。城域网审计的关键是如何从城域网获取数据包以及如何克服海量信息的处理。通常从网络获取数据包的方法，如BSD包过滤器(BPF)和tcpdump，根本不适合城域网中的审计。MASASM使用城域网的BAS (Broadband Access Server)作为信息收集代理，使用HPF (Hardware Packet Filter)从城域网获取报文。HPF具有比BPF和tcpdump更好的处理能力。MASASM采用分布式多智能体分担整个城域网的审计任务。为了使信息采集代理对性能的影响最小，提出了一种新的路由转发机制，将BAS中传统的“一次路由、切换多次”改为“一次审核、多次通过”。该审计系统已经在我们的实验收敛层路由交换机上实现，可以作为BAS使用，并在测试中显示出良好的性能。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Multi-agent based security auditing system of broadband man

Normally, security auditing is quite common in low bandwidth network, especially in 100M/IOM Ethernet. It is difficult to accomplish security auditing in broadband metropolitan area network (MAN) with Gigabit Ethernet or 2.5 GPOS (OC48) as its convergence layer backbone. This paper presents the Multi-agent based security auditing system of broadband MAN (MASASM) to resolve the problem. The key for auditing in MAN is how to get packets from MAN and how to overcome the processing of huge information. The usual ways of getting packets from network such as BSD Packet Filter (BPF) and tcpdump are not suitable for auditing in MAN at all. MASASM uses Broadband Access Server (BAS) of MAN as Information Gathering Agent that uses Hardware Packet Filter (HPF) io get packet from MAN. HPF has better process abilie than BPF and tcpdump. MASASM uses distributed multi-agent to share the task of auditing for whole MAN. To make the least influence on the performance of Information Gathering Agent, a new mechanism of routing and forwarding is given to modify the traditional "route once, switch many" to the "audit once, pass many" in BAS. The auditing system has been implemented in our experimental convergence layer routing switch that can be used as a BAS, and shows goad performance in test.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2004 International Conference on Intelligent Mechatronics and Automation, 2004. Proceedings.

自引率

0.00%

发文量