
Multiagent-based Attacker Traceback System using SOM

Choi Jinwoo (KAIST, Korea Advanced Institute of Science and Technology)
Woo Chong-Woo (School of Computer Science, Kookmin University)
Park Jaewoo (National Security Research Institute)
Abstract
The rapid development of computer network technology has made the Internet a major infrastructure of our society, but the equally rapid increase in malicious intrusions over that infrastructure makes protecting it an urgent problem. Recent intrusions show that attackers rarely break into a victim host directly and carry out their malicious actions by hand. Instead, they use automated intrusion tools to penetrate systems, and most of the unknown intrusion types are produced by such tools with only minor modifications. Because these tools closely resemble earlier ones, the traces they leave on a compromised system follow common patterns. In this paper we describe the design and implementation of an attacker traceback system that traces the intruder using a multi-agent architecture. The system first applies a Self-Organizing Map (SOM) to classify an unknown intrusion into the most similar previously known intrusion class. During the intrusion analysis stage, the patterns left by the known tools are formalized as a knowledge base. Based on the matched pattern, the agent system is activated and automatically traces the intrusion route back through the previously attacked hosts, by finding intrusion evidence on each attacked system.
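The two stages the abstract describes, as an added illustration written for this page and not code from the paper: a small Kohonen map that assigns a connection record to the nearest known intrusion class (rejecting records that are far from every class, which a plain SOM would otherwise silently force into some class), followed by a hop-by-hop trace that walks backwards through the login evidence on each attacked host. The feature layout, class centres, host names and login records are constructed assumptions; the paper's knowledge base of tool patterns and its agent messaging are not modelled.

```python
import math
import random
from collections import Counter

# Part 1: SOM classification of connection records into known intrusion classes.
# Features are a constructed, pre-scaled stand-in for KDD Cup '99 style fields
# (duration, bytes, error_rate, count); the class centres are assumptions.
CENTRES = {
    "normal":   [0.10, 0.10, 0.05, 0.10],
    "portscan": [0.05, 0.05, 0.90, 0.90],
    "flood":    [0.90, 0.90, 0.10, 0.90],
}


def make_training_set(rng, per_class=20, noise=0.05):
    """Constructed labelled records scattered around each class centre."""
    return [([c + rng.uniform(-noise, noise) for c in centre], label)
            for label, centre in CENTRES.items() for _ in range(per_class)]


def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


class SOM:
    """Minimal Kohonen map: side x side neurons, each holding a dim-vector."""

    def __init__(self, side, dim, rng):
        self.side = side
        self.weights = [[rng.random() for _ in range(dim)] for _ in range(side * side)]
        self.labels = {}  # neuron index -> majority class of the records it wins

    def bmu(self, vec):
        return min(range(len(self.weights)), key=lambda i: dist(self.weights[i], vec))

    def train(self, data, rng, epochs=200):
        total, step = epochs * len(data), 0
        for _ in range(epochs):
            rng.shuffle(data)
            for vec, _ in data:
                frac = 1.0 - step / total          # decays from 1 towards 0
                alpha, sigma = 0.5 * frac, max(0.5, 2.0 * frac)
                bx, by = divmod(self.bmu(vec), self.side)
                for i, w in enumerate(self.weights):
                    gx, gy = divmod(i, self.side)
                    h = math.exp(-((gx - bx) ** 2 + (gy - by) ** 2) / (2 * sigma ** 2))
                    for k in range(len(w)):
                        w[k] += alpha * h * (vec[k] - w[k])
                step += 1
        # Label each neuron by majority vote of the training records it wins.
        votes = {}
        for vec, label in data:
            votes.setdefault(self.bmu(vec), Counter())[label] += 1
        self.labels = {i: c.most_common(1)[0][0] for i, c in votes.items()}

    def classify(self, vec, max_error=0.35):
        """Nearest labelled neuron, or 'unknown' when the record is far from every class."""
        i = min(self.labels, key=lambda n: dist(self.weights[n], vec))
        return self.labels[i] if dist(self.weights[i], vec) <= max_error else "unknown"


def build_classifier(seed=0):
    rng = random.Random(seed)
    som = SOM(side=4, dim=4, rng=rng)
    som.train(make_training_set(rng), rng)
    return som


# Part 2: hop-by-hop traceback over login evidence found on each attacked host.
# Host names and (timestamp, source_host) records are constructed; in the paper
# an agent collects this evidence on the compromised machine itself.
EVIDENCE = {
    "victim": [(400, "admin-pc"), (1000, "hopB")],
    "hopB": [(950, "hopA")],
    "hopA": [(900, "attacker-origin")],
    "attacker-origin": [],
}


def trace_back(evidence, start, attack_time, window=300):
    """Follow the latest inbound login before each hop's activity, backwards in time."""
    route, host, t = [start], start, attack_time
    while True:
        hits = [(ts, src) for ts, src in evidence.get(host, []) if t - window <= ts <= t]
        if not hits:
            return route           # origin reached, or no evidence/agent on this host
        t, host = max(hits)
        if host in route:
            return route           # cycle in the evidence: stop instead of looping
        route.append(host)


if __name__ == "__main__":
    som = build_classifier()
    for vec in ([0.06, 0.04, 0.88, 0.92], [0.5, 0.5, 0.5, 0.5]):
        print(vec, "->", som.classify(vec))
    print("route:", trace_back(EVIDENCE, "victim", attack_time=1010))
```

The rejection threshold in classify is the part a practitioner would tune: without it, a record produced by a genuinely new tool is still mapped to some known class and the trace would start from the wrong pattern. The trace stops, rather than guessing, when a hop has no evidence inside the time window, which is exactly what happens when the attacker wiped the logs or the host is outside the agents' reach.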
Keywords
Intruder Trace-back System; Multi-agent System; Self-Organizing Maps