Yong-mei GAO,Ji-yi WU,Ling-di PING

DOI: https://doi.org/10.3969/j.issn.1673-629X.2009.08.039

2009-01-01

Abstract:Owing to many new characteristics such as central-less control and multi-hop communication,the security situation is more rigorous than that in the traditional Ad hoc network.Especially,when the number of nodes increase,the difficulty of building network,network availability and network security will be influenced badly.After the particular analysis of Sergio Marti's Watchdog and Pathrater arithmetic,intrusion detection system called SuperWatchdog,as the improved solution,was introduced to overcome the weakness of Watchdog.The main feature of the proposed system is its ability to discover malicious nodes which can partition the network by falsely reporting other nodes as misbehaving and then proceeds to protect the network.Simulation results show that our system decrease the overhead greatly,though it does not increase the throughput obviously.

Ye Guo,Miaoliang Zhu

DOI: https://doi.org/10.1109/IMSCCS.2006.178

2006-01-01

Abstract:Considering the shortcomings of the current worm Defense system, an agent-oriented worm Defense system, AOSWD, is proposed in this paper. In the hierarchical framework of AOSWD, the agents are independent but can roam in the network freely and collaborate with each other to defend against Internet worms. In this paper, we discuss the system architecture and the realization details, propose the key technique for the system and analyze the system performance.

K Xiao,J Zheng,X Wang,XY Xue

2005-01-01

Abstract:MANET: are composed of mobile nodes without any infrosiructure and nodes cooperate to set up routes for network communications. Because of these characters, MANETs operate in open medium, so they are particularly vulnerable to intrusions. In this paper, we present an efficient intrusion detection system called MAPIDS (Mobile Agent-based Peer-to-peer Intrusion Detection System). On detecting a suspicious activity, MAPIDS initiates a voting approach to make a collective decision and take further action. In contrast to other intrusion detection system based on collective decision, MAPIDS saves more bandwidth and energy and it is immune to sparse nodes problem.

Kun Xiao,Ji Zheng,Xin Wang,Xiangyang Xue

DOI: https://doi.org/10.1109/pdcat.2005.34

2005-01-01

Abstract:MANETs are composed of mobile nodes without any infrastructure and nodes cooperate to set up routes for network communications. Because of these characters, MANETs operate in open medium, so they are particularly vulnerable to intrusions. In this paper, we present an efficient intrusion detection system called MAPIDS (Mobile Agent-based Peer-to-peer Intrusion Detection System). On detecting a suspicious activity, MAPIDS initiates a voting approach to make a collective decision and take further action. In contrast to other intrusion detection system based on collective decision, MAPIDS saves more bandwidth and energy and it is immune to sparse nodes problem.

Yi Ping,Yao Yan,Hou Yafei,Zhong Yiping,Zhang Shiyong

DOI: https://doi.org/10.1145/1046290.1046315

2004-01-01

Abstract:A mobile ad hoc network is a collection of wireless mobile hosts forming a temporary network without the aid of any established infrastructure or centralized administration. The flexibility in space and time induces new challenges towards the security infrastructure. Contrary to their wired counterpart, mobile ad hoc networks do not have a clear line of defense, and every node must be prepared for encounters with an adversary. Therefore, a centralized or hierarchical network security solution does not work well. We provide scalable, distributed security architecture for mobile ad hoc networks in this paper. The architecture integrates the ideas of immune system and a multi-agent architecture. Compared with traditional security system, the proposed security architecture is designed to be distributed, autonomy, adaptability, scalability.

Xifeng AN,Weihua LI,Zun LIU

DOI: https://doi.org/10.3321/j.issn:0253-987X.2008.12.013

2008-01-01

Abstract:A novel network security cooperative defense technology is studied and a cooperative control framework based on agent mechanism is proposed to solve the lack of cooperative control and whole effect in traditional defense systems. The technology supports both IPv4 and IPv6 protocols and security modules in the framework are associated with each other to accomplish communication and work together. Furthermore, a network security cooperative defense system is composed and the key functions that support the early-alert, audit, accident recovery, network camouflage and so on are also achieved. The pivotal research is emphasized on the key technologies of system call sequences audit model based on machine learning and cooperative accident recovery. Under the condition of 100 M Data flow speed, the NSCDS software's false negative is less than 6% and its false positive is less than 8%. Besides, all module functions work normally and the system can be used to carry out cooperative defense capability.

Yiping Zhong,Ping Yi,Shiyong Zhang

2005-01-01

Abstract:A mobile ad hoc network is a collection of wireless mobile hosts forming a temporary network without the aid of any established infrastructure or centralized administration. The flexibility in space and time induces new challenges towards the security infrastructure. Contrary to their wired counterpart, mobile ad hoc networks do not have a clear line of defense, and every node must be prepared for encounters with an adversary. Therefore, a centralized or hierarchical network security solution does not work well. We provide scalable, distributed security architecture for mobile ad hoc networks in this paper. The architecture integrates the ideas of immune system and a multi-agent architecture. Compared with traditional security system, the proposed security architecture is designed to be distributed, autonomy, adaptable, scalable. immune system, intrusion detection, mobile agent, mobile ad hoc network, network security.

SHI Rong-hua,LI Xing-xing

DOI: https://doi.org/10.3969/j.issn.2095-6835.2010.12.002

2010-01-01

Abstract:As a new type of wireless mobile communication system,mobile Ad Hoc network has been increasingly being used both in military and civilian uses.However,it is very vulnerable to attacks due to its dynamic changing topology,open medium and so on. Therefore,intrusion detection can be one of the most important technologies for securing mobile Ad Hoc network.This paper proposes a mobile agent-based intrusion detection system model after analyzing the proposed intrusion detection system architectures.This system utilizes both misuse detection and anomaly detection mechanism thus it has high efficiency and low false positive rate in detection.

Yi Ping,Zou Futai,Jiang Xinghao,Li Jianhua

DOI: https://doi.org/10.1016/s1004-4132(08)60021-3

2007-01-01

Abstract:The nature of adhoc networks makes them vulnerable to security attacks. Many security technologies such as intrusion prevention and intrusion detection are passive in response to intrusions in that their countermeasures are only to protect the networks, and there is no automated network-wide counteraction against detected intrusions. the architecture of cooperation intrusion response based multi-agent is propose. The architecture is composed of mobile agents. Monitor agent resides on every node and monitors its neighbor nodes. Decision agent collects information from monitor nodes and detects an intrusion by security policies. When an intruder is found in the architecture, the block agents will get to the neighbor nodes of the intruder and form the mobile firewall to isolate the intruder. In the end, we evaluate it by simulation.

P Yi,YP Zhong,SY Zhang

DOI: https://doi.org/10.1007/11428848_77

2005-01-01

Abstract:Mobile ad hoc networking offers convenient infrastructureless communication over the shared wireless channel. However, the nature of ad hoc networks makes them vulnerable to security attacks. Existing security technologies such as intrusion prevention and intrusion detection are passive in response to intrusions in that their countermeasures are only to protect the networks and there is no automated, network-wide counteraction against detected intrusions. While they all play an important role in counteracting intrusion, they do not, however, effectively address the root cause of the problem – intruders. In this paper, we propose the architecture of automated intrusion response. When an intruder is found in our architecture, the block agents will get to the neighbor nodes of the intruder and formed the mobile firewall to isolate the intruder.

DAI Hang,ZHANG Xin-Jia,ZOU Yi-Xin

2006-01-01

Microprocessors

Abstract:By analyzing the tradition intrusion detection system,we propose the mobile agent-based intrusion detection system by introducing mobile agent theory.The system construction and working flow are devised in the paper.The result tells us IDS based on mobile agent is effective.

Fang Wang,Guanzhong Dai,Dejun Mu

DOI: https://doi.org/10.3969/j.issn.1000-2758.2010.06.027

2010-01-01

Xibei Gongye Daxue Xuebao/Journal of Northwestern Polytechnical University

Abstract:Traditional network security measures, such as encryption and authentication, firewalls and intrusion detection systems, are effective in the protection of information confidentiality, integrity, usability, and control access, but are still deficient in cooperative defense and early warning. We present a network security defense system using multi-agents which consists of a cooperative early warning and orientation module, a cooperative auditing module, a security isolation module, and an accident recovery module etc. Multi-level hierarchical agents are responsible for communication tasks between modules, and the agent server in the control center is responsible for unified control and cooperation of the security of the entire network. The entire network is divided into different levels of partition, and different levels of the collaborative early warning and orientation system are established. Each partition is self-governing, and through mutual cooperation the partitions jointly maintain the security of the whole network. Test results on IPv6 environment show that this system is effective in early warning, and the capture rate of the intrusion detection systems reaches 95%, the missed alarm rate is decreased to 6%, and the false alarm rate is decreased to 7%.

YI Ping,LIU Ning,WU Yue,LIU Xiao-guang,ZHOU Yong-kai

DOI: https://doi.org/10.3321/j.issn:1006-2467.2009.06.006

2009-01-01

Abstract:The nature of ad hoc networks makes them vulnerable to security attacks.Many security technologies such as intrusion prevention and intrusion detection are passive in response to intrusions in that their countermeasures are only to protect the networks and there is no automated,network-wide counteraction against detected intrusions.This paper proposed an architecture of cooperation intrusion response based multi-agent.The architecture is composed of mobile agents.Monitor agent resides on every node and monitors its neighbor nodes.Decision agent collects information from monitor nodes,and detects an intrusion by security policies.When an intruder is found in the architecture,the block agents will get to the neighbor nodes of the intruder and form a mobile firewall to isolate the intruder.In the end,the model was evaluated by simulation and test bed.

Yi Ping,Zhong Yiping,Zhang Shiyong

DOI: https://doi.org/10.1007/s11767-004-0162-7

2006-01-01

Journal of Electronics (China)

Abstract:This paper focuses on investigating immunological principles in designing a multi-agent security architecture for intrusion detection and response in mobile ad hoc networks. In this approach, the immunity-based agents monitor the situation in the network. These agents can take appropriate actions according to the underlying security policies. Specifically, their activities are coordinated in a hierarchical fashion while sensing, communicating, decision and generating responses. Such an agent can learn and adapt to its environment dynamically and can detect both known and unknown intrusions. The proposed intrusion detection architecture is designed to be flexible, extendible, and adaptable that can perform real-time monitoring. This paper provides the conceptual view and a general framework of the proposed system. In the end, the architecture is illustrated by an example to show it can prevent the attack efficiently.

Hongsong Chen,Zhenzhou Ji,Mingzeng Hu,Zhongchuan Fu,Ruixiang Jiang

DOI: https://doi.org/10.1016/j.jnca.2005.09.006

IF: 7.574

2005-01-01

Journal of Network and Computer Applications

Abstract:Ad hoc networks are becoming an important research aspect due to the self-organization network, dynamically changing topology, temporary network life and equal relationship among member of nodes. However, all the characters of ad hoc network make the security problem more serious. Network security and trustworthiness become the key problems of the network. Denial-of-service and Black hole attacks are the two puzzles in the security of ad hoc network. There are not satisfied solutions to solve the problem. A novel multi-agent-based dynamic lifetime intrusion detection and a response scheme are proposed to combat the two types of attacks. Multi-agents are related to one route request (RREQ)–route reply (RREP) stream. One agent monitors the nodes in three-hop zone. Agent can periodically update itself by the trustworthiness of the neighbor nodes. It can efficiently improve trustworthiness, decrease computing complexity and save energy consumption for network securities. Agent security specifications have been extracted from the feature of the attacks. Multi-agents can trace RREQ and RREP messages, stream to aggregate the key information to link list and MAC-IP control table and analyze them by intrusion detection algorithm. Different security metrics are proposed to quantitatively evaluate network security performance under different attacks. Ns2 simulator is expanded to validate the security scheme. Simulation results show that a multi-agent-based dynamic lifetime security scheme is highly effective to detect and block the two kinds of attacks.

Ping Yi,Yue Wu,Jianhua Li

2007-01-01

Journal of Information and Computational Science

Abstract:Mobile ad hoc networking offers convenient infrastructureless communication over the shared wireless channel. However, the nature of ad hoc networks makes them vulnerable to security attacks. Existing security technologies such as intrusion prevention and intrusion detection are passive in response to intrusions in that their countermeasures are only to protect the networks and there is no automated, network-wide counteraction against detected intrusions. While they all play an important role in counteracting intrusion, they do not, however, effectively address the root cause of the problem-intruders. In this paper, we propose the architecture of cooperation intrusion response based muti-agent. When an intruder is found in our architecture, the block agents will get to the neighbor nodes of the intruder and formed the mobile firewall to isolate the intruder. In the end, we illustrate our architecture by an example and evaluate it by simulation.

Gm Hu,Zg Huang,Hp Hu,Zh Gong

DOI: https://doi.org/10.1007/978-3-540-30207-0_50

2004-01-01

Abstract:P2P and MANET share many similarities. Deploying P2P application in MANET faces many difficulties, especially when security consideration is incorporated. In this paper we propose a cluster-based architecture combined with a group key management scheme for mobile ad hoc network. A network is divided into clusters and each cluster has a leader called clusterhead. In order to address the problem of service registration and discovery better, we also propose a simple multicast-tree algorithm which organizes all clusterheads into trees based on each source clusterhead. The feasibility of this concept was verified by simulation results.

Liu Xin,Xin Zhaojun,Shi Leyi

DOI: https://doi.org/10.1109/EIDWT.2013.85

2013-01-01

Abstract:Malicious codes can propagate rapidly by exploiting software vulnerabilities. In order to prevent the explosion of malicious codes in P2P networks, an automatic patching mechanism based on social computing is proposed. The security server generates automatic patches, and then selects the vulnerable nodes to push automatic patches. Automatic patches propagate rapidly along social network, so that the peers in P2P network covered by social network can be patched, which will improve the security of the whole P2P network. Experiments show this mechanism is more efficient than other patching mechanisms in P2P networks.

JH Wang,JP Hu,K Hu

DOI: https://doi.org/10.1109/dexa.2000.875061

2000-01-01

Abstract:Mobile agents can move between different agencies on different network nodes. This brand-new distributed computing mode is facing a security threat. This paper describes the security of our Unigent system. It also enlarges the issue of agent-based distributed computing from the aspects of anonymity, region and heterogeneity

CHEN Bo,LUO Guang-Chun,LU Xian-Liang

DOI: https://doi.org/10.3969/j.issn.1002-137X.2006.04.028

2006-01-01

Computer Science

Abstract:When traditional Intrusion Detection System (IDS) is used to detect and analyze in WAN,it usually causes the computation bottleneck.This paper presents a new Mobile Agent Distributed IDS (MADIDS) system based on the mobile agents.This system is specifically designed for WAN.In MADIDS,the agents that are set at each node process the data transfer by distributed computation architecture.It has the ability of intrusion detection within the entire net- work and has good portability.The consumption of the network and servers' resources is not high,which means the possibility of network bottleneck is decreased.In this paper,we construct the infrastructure and theoretical model of MADIDS,and the deficiencies of MADIDS and future research work are also indicated.