Modelling a network security systems using multi-agents systems engineering

Recent developments have made it possible to interoperate complex business applications at much lower costs. Application interoperation, along with business process reengineering can result in significant savings by eliminating work created by disconnected business processes due to isolated business applications. However, we believe much greater productivity benefits can be achieved by facilitating timely decision-making, utilizing information from multiple enterprise perspectives. To stay competitive in this current scenario, it is crucial for organizations to react quickly to changing security factors, such as virus attack, active intrusion, new technologies, and cost of disaster recovery. Such information security changes often encourage the creation of new security schemas or security improvements. Accommodating frequent systems information changes requires a network security system be more flexible than currently prevalent systems. Consequently, there has recently been an increasing interest in flexible network security and disaster recovery systems. Introduction There are two important aspects to a flexible network security system: hardware infrastructure and the corresponding planning and control software. The latter is the heart of a flexible network security system; appropriate software architecture can improve system performance significantly. In this paper, we focus mainly on the software aspect. Distributed Artificial Intelligence covers the intersection of Artificial Intelligence and Distributing Computing. Multi-Agent Systems (MAS) are commonly used in solving difficult problems in the areas of Distributed Artificial Intelligence. This paper takes the multi-agent approach in which a team of agents, each with only limited local knowledge and local information, collaborates to satisfy both local and global network security objectives. The overall behavior of the system emerges through the dynamic interactions of the agent’s local behaviors. In recent research activities author has addressed the use of MAS for the control of network security systems. Santana et al. [2] consider methodological issues for designing a flexible multi agent-based network security for authentication and authorization in mobile environments; the agents use a contract-net protocol for negotiation and dynamic security authentication in inter-domain networks. In other approach Santana, Sheremetov and Contreras [3] proposes a rather original approach to security assessment task planning for multiple policies by associating a Component Agent Platform, where a set of agents collaborate to assembly an authentication and authorization schema considering different policies to be assembled. Recently, we are working in the development of a multi-agent approach for Continuous Security Management, in which each agent controls only part of Security Information System and the whole security of the systems is configured by a mobile agent systems. Security policies are critical for network security management; the computational complexity of finding a coherent security schema for multi-domain systems grows exponentially with the total number of nodes, host, and segments of the network system. As a result, most practical approaches utilize only heuristic solutions to make the problem tractable. 2 Problem Definitions We are developing an agent-based planning and control system for a flexible network security system with multiple policies agents. The input of the system is the general policy model of the network to be protected. The output of the system is the final security’s state network. The general flow diagram that indicates the global operation of the system is shown in Figure 1. This flow is mainly divided in two stages: an off-line stage and an on-line stage. Off-line Security Stage Security Model General Security Policy & Security rules relationships Security Descomposition On-line Security Stage Scheduling High-Level Network Security Tasks High-Level Network Security Tasks Security Assessment Security Assessment Security Assessment Network Security Allocation Network Security Execution Network Security Error Recovery