Les Miller

Intelligent agents for intrusion detection

The paper focuses on intrusion detection and countermeasures with respect to widely-used operating systems and networks. The design and architecture of an intrusion detection system built from distributed agents is proposed to implement an intelligent system on which data mining can be performed to provide global, temporal views of an entire networked system. A starting point for agent intelligence in the system is the research into the use of machine learning over system call traces from the privileged sendmail program on UNIX. The authors use a rule learning algorithm to classify the system call traces for intrusion detection purposes and show the results.

Lightweight agents for intrusion detection

We have designed and implemented an intrusion detection system (IDS) prototype based on mobile agents. Our agents travel between monitored systems in a network of distributed systems, obtain information from data cleaning agents, classify and correlate information, and report the information to a user interface and database via mediators.Agent systems with lightweight agent support allow runtime addition of new capabilities to agents. We describe the design of our Multi-agent IDS and show how lightweight agent capabilities allowed us to add communication and collaboration capabilities to the mobile agents in our IDS.

A Software Fault Tree Approach to Requirements Analysis of an Intrusion Detection System

Requirements analysis for an intrusion detection system (IDS) involves deriving requirements for the IDS from analysis of the intrusion domain. When the IDS is, as here, a collection of mobile agents that detect, classify, and correlate system and network activities, the derived requirements include what activities the agent software should monitor, what intrusion characteristics the agents should correlate, where the IDS agents should be placed to feasibly detect the intrusions, and what countermeasures the software should initiate. This paper describes the use of software fault trees for requirements identification and analysis in an IDS. Intrusions are divided into seven stages (following Ruiu), and a fault subtree is developed to model each of the seven stages (reconnaissance, penetration, etc.). Two examples are provided. This approach was found to support requirements evolution (as new intrusions were identified), incremental development of the IDS, and prioritisation of countermeasures.

Automated discovery of concise predictive rules for intrusion detection

This paper details an essential component of a multi-agent distributed knowledge network system for intrusion detection. We describe a distributed intrusion detection architecture, complete with a data warehouse and mobile and stationary agents for distributed problem-solving to facilitate building, monitoring, and analyzing global, spatio-temporal views of intrusions on large distributed systems. An agent for the intrusion detection system, which uses a machine learning approach to automated discovery of concise rules from system call traces, is described.We use a feature vector representation to describe the system calls executed by privileged processes. The feature vectors are labeled as good or bad depending on whether or not they were executed during an observed attack. A rule learning algorithm is then used to induce rules that can be used to monitor the system and detect potential intrusions. We study the performance of the rule learning algorithm on this task with and without feature subset selection using a genetic algorithm. Feature subset selection is shown to significantly reduce the number of features used while improving the accuracy of predictions.

Software fault tree and coloured Petri net based specification, design and implementation of agent-based intrusion detection systems

The integration of Software Fault Tree (SFT), which describes intrusions and Coloured Petri Nets (CPNs) that specifies design, is examined for an Intrusion Detection System (IDS). The IDS under development is a collection of mobile agents that detect, classify, and correlate the system and network activities. SFTs, augmented with nodes that describe trust, temporal and contextual relationships, are used to describe intrusions. CPNs for intrusion detection are built using CPN templates created from the augmented SFTs. Hierarchical CPNs are created to detect critical stages of intrusions. The agentbased implementation of the IDS is then constructed from the CPNs. Examples of intrusions and descriptions of the prototype implementation are used to demonstrate how the CPN approach has been used in the development of the IDS. The main contribution of this paper is an approach to systematic specification, design and implementation of an IDS; Innovations include (1) using stages of intrusions to structure the specification and design of the IDS; (2) augmentation of SFT with trust, temporal and contextual nodes to model intrusions; (3) algorithmic construction of CPNs from augmented SFT; and (4) generation of mobile agents from CPNs.

Distributed knowledge networks

Distributed knowledge networks (DKN) provide some of the key enabling technologies for translating recent advances in automated data acquisition, digital storage, computers and communications into fundamental advances in organizational decision support, data analysis, and related applications. DKN include computational tools for accessing, organizing, transforming, and analyzing the contents of heterogeneous, distributed data and knowledge sources and for distributed problem solving and decision making under tight time, resource, and performance constraints. The paper presents an overview of the DKN project in the Iowa State University Artificial Intelligence Laboratory.

SMART mobile agent facility

Abstract With ever growing use of Internet for electronic commerce and data mining type applications there seems to be a need for new network computing paradigms that can overcome the barriers posed by network congestion and unreliability. Mobile agent programming is a paradigm that enables the programs to move from one host to another, do the processing locally and return results asynchronously. In this paper, we present the design and development of a mobile agent system that will provide a platform for developing mobile applications that are Mobile Agent Facility (MAF) specification compliant. We start by exploring mobile agent technology and establish its merits with respect to the client–server technology. Next, we introduce a concept called dynamic aggregation to improve the performance of mobile agent applications. We, then focus on the design and implementation issues of our system, Scalable, Mobile and Reliable Technology (SMART), which is based on the MAF specification.

Energy-efficient indexing on a broadcast channel in a mobile database access system

Advances in communication and computation technologies and the recent marriage between the two allows users to have access to information sources via portable, mobile computing devices, and wireless connection. Broadcasting has been suggested as a possible solution for several limitations within this new environment. In order to limit the amount of energy consumed at the mobile unit, indexing can be considered as an energy-efficient solution within the broadcasting environment. In this work, we suggest possible allocation strategies of indexes along with their data objects (for an object-oriented database environment) on the broadcast channel. We conduct the timing analysis and simulation necessary to observe the effects of the allocation strategies on both the response time and energy consumption at the mobile clients.

Specialized Parallel Architectures for Textual Databases

Publisher Summary The chapter presents the concept of unformatted databases and parallel architectures, proposed to manipulate textual databases. Databases fall into two general categories—namely, formatted and unformatted structures. Formatted databases are mainly time variant entities and are subject to extensive alteration as well as search operations. Unformatted databases (bibliographic or full-text) are archival in nature and are processed by searching for a pattern or a combination of patterns. The problem of searching large textual databases is addressed in the chapter. To improve the performance of such a lengthy operation, two major directions are discussed: one based on the design of efficient algorithms for pattern matching operations, and the other based on the hardware implementation of the basic pattern matching operations. Both approaches have their own merits and are subject to further research and study. However, the major theme of this chapter is centered around the design of the hardware pattern matcher. Such an emphasis is mainly due to the current advances in technology that have enabled the migration of the software functions into the hardware. Three different schemes of hardware implementation of an efficient term comparator for specialized backend text retrieval architectures are also discussed.

Using an Error Detection Strategy for Improving Web Accessibility for Older Adults

The ability to use the Internet can provide an important contribution to an older adults quality of life. Communication via email with family, friends and service providers has become a critical factor for improving ones ability to cope with modern society as individuals age. The problem is that as users age, natural physical and cognitive impairments make it more difficult for them to use the required technology. The present study investigates the use of error detection as a means of improving web access amongst older adults. Specifically, error detection strategies are compared to observation as a means of identifying the impairments of Internet users.