Identifying Attack Code through an Ontology-Based Multiagent Tool: FROID

Author

  • Salvador Mandujano
Abstract

This paper describes the design and results of FROID, an outbound intrusion detection system built with agent technology and supported by an attacker-centric ontology. The prototype features a misuse-based detection mechanism that identifies remote attack tools in execution. Misuse signatures composed of attributes selected through entropy analysis of outgoing traffic streams and process runtime data are derived from execution variants of attack programs. The core of the architecture is a mesh of self-contained detection cells organized non-hierarchically that group agents in a functional fashion. The experiments show performance gains when the ontology is enabled as well as an increase in accuracy achieved when correlation cells combine detection evidence received from independent detection cells.

Keywords: Outbound intrusion detection, knowledge management, multiagent systems, ontology.


Similar resources


An Ontology-supported Outbound Intrusion Detection System

Outbound intrusion detection is a systems vigilance approach that aims at limiting the effects of a security threat by collectively scrutinizing outgoing traffic and local system activity. This paper summarizes the design and implementation of FROID, an outbound intrusion detection prototype built with agent technology that exploits the semantic power of ontologies in order to enable collaborat...


Attack Pattern Analysis Framework For Multiagent Intrusion Detection System

The paper proposes the use of attack pattern ontology and formal framework for network traffic anomalies detection within a distributed multiagent Intrusion Detection System architecture. Our framework assumes ontology-based attack definition and distributed processing scheme with exchange of communicates between agents. The role of traffic anomalies detection was presented then it has been dis...


Aggrandizing the beast's limbs: patulous code reuse attack on ARM architecture

Since smartphones are usually personal devices full of private information, they are a popular target for a vast variety of real-world attacks such as Code Reuse Attack (CRA). CRAs enable attackers to execute any arbitrary algorithm on a device without injecting an executable code. Since the standard platform for mobile devices is ARM architecture, we concentrate on available ARM-based CRAs. Cu...


Using Multiagent Profiling for Distributed Information Retrieval

In this paper, we propose a multiagent information retrieval strategy in which each agent learns from its experience through its interactions with other agents their capabilities and qualifications. Based on a distributed ontology learning framework, our methodology allows an agent to profile other agents in a dynamic translation table and a neighborhood profile, which together help determine ...


Publication date: 2005