The Use of Agent Technology for Intrusion Detection
Dipankar Dasgupta, University of Memphis
Categories of Intrusive Attacks, Identification, and Detection
Snort Intrusion Detection System
Limitations of IDS Without Agent Technology
Intrusion Detection Using Agents
Advantages of Using Mobile Agents in Intrusion Detection
Drawbacks of Using Mobile Agents
Analysis Techniques, Testing and Validation, and Performance of IDS Agents
Testing and Validation Approaches
Testing Using Sanitized Traffic/Logs
Testing by Generating Traffic on a Testbed Network
A Distributed Security Agent System
Cougaar: A Cognitive Agent Architecture
Cougaar-Based Security Agent Infrastructure
Experimentation and Evaluation of CIDS
INTRODUCTION
With the growing use of Internet applications and automated scripts, it has become very difficult to keep track of all cyber activities. In particular, it is hard to track each and every application, such as JScript, VBScript, ActiveX, Outlook, Outlook Express, etc. However, it is possible to monitor their effects on the system and its resources. Moreover, it is necessary to analyze monitored network data efficiently for faster attack detection and response.
Intrusion/anomaly detection ...
Get Handbook of Information Security: Threats, Vulnerabilities, Prevention, Detection, and Management, Volume 3 now with the O’Reilly learning platform.