Artificial Intelligence Research Laboratory
Department of Computer Science
Iowa State University


Multi-Agent Systems for Integrated Host and Network-Based Intrusion Detection
   Personnel   Project Summary   Funding   Publications   Additional Information   Projects   AI Lab  

Personnel

Project Summary

Complex Distributed Systems (e.g., computer systems, communication networks, power systems) are equipped with sensors and measurement devices that gather and store, a variety of data that is useful in monitoring and controlling the operation of such systems. For instance, system logs gathered by multiple computers connected to a network contain information t hat is useful in detecting anomalies and intrusions. Analysis of such system log s over time can lead to discovery of useful knowledge to detect intrusions on the basis of observed activity. An example of an attack involving more than one subsystem would be a combined NFS and rlogin attack wherein an attacker would determine an NFS file handle for an .rhosts file or /etc/hosts.equiv file (assuming that the appropriate file systems are exported by the UNIX system), using the NFS handle rewrite the file to gain login privileges to the attacked host. To detect and respond to such multistage or concerted attacks, the intrusion detection system must have support for gathering and operating on data and knowledge sources from the entire observed system.

This research is aimed at developing, implementing, and evaluating multi-agent systems for integrated host and network based monitoring of large distributed computer and communication networks for intrusions. A system of stationary and mobile software agents will:

Anticipated results of this research include new algorithmic and systems solutions for monitoring of large distributed systems in general, and detection of coordinated or concerted attacks on distributed computing systems in particular.

The proposed research will be closely integrated with education and training of graduate and undergraduate students in Computer Science at Iowa State University.

Funding

Publications

Additional Information

To appear.


Dr. Vasant Honavar
Artificial Intelligence Research Laboratory
Department of Computer Science
Iowa State University
Atanasoff Hall, Ames, IA 50011-1040 USA
phone: +1-515-294-1098, +1-515-294-4377; fax: +1-515-294-0258

© Vasant Honavar, 1999.