A Distributed Autonomous-Agent Network-Intrusion Detection and Response System

Authors
Wright, Roger
Shifflett, David J.
Irvine, Cynthia E.
Date of Issue
1998-06-00
Publisher
Proceedings of the 1998 Command and Control Research and Technology Symposium, Monterey
Abstract
We propose a distributed architecture with autonomous agents to monitor security-related activity within a network. Each agent operates cooperatively yet independently of the others, providing for efficiency, real-time response and distribution of resources. This architecture provides significant advantages in scalability, flexibility, extensibility, fault tolerance, and resistance to compromise. We also propose a scheme of escalating levels of alertness, and a way to notify other agents on other computers in a network of attacks so they can take preemptive or reactive measures. We designed a neural network to measure and determine alert threshold values. A communication protocol is proposed to relay these alerts throughout the network. We illustrate our design with a detailed scenario.
Type
Article
Department
Computer Science (CS)
Citation
Proceedings of the 1998 Command and Control Research and Technology Symposium, Monterey CA, June-July 1998.
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.