Mitigation of network tampering using dynamic dispatch of mobile agents

Authors

    R. F. DeMara; A. J. Rocke

    Abbreviated Journal Title

    Comput. Secur.

    Keywords

    host-based security with network components; file integrity analyzers; insider risks; tampering modes; mobile agent behaviours; Computer Science, Information Systems

    Abstract

    Detection of malicious activity by insiders, people with legitimate access to resources and services, is particularly difficult in a network environment. In this paper, a novel classification of tampering modes is identified that can be undertaken by insiders against network Intrusion Detection Systems (IDSs). Five categories of tampering modes are defined as spoofing, termination, sidetracking, alteration of internal data, and selective deception. These are further distinguished specifically toward IDS sensor, control, and alarm categories such as spoon-feeding, sugarcoating, and scapegoating. The Collaborative Object Notification Framework for Insider Defense using Autonomous Network Transactions, or CONFIDANT, uses distributed mobile agents to mitigate these tampering exposures. CONFIDANT employs techniques such as encapsulation, redundancy, scrambling, and mandatory obsolescence. This paper describes how these mitigation techniques are applied within the CONFIDANT framework. The approach focuses on evaluating file integrity through the use of dynamically dispatched mobile agents. © 2004 Elsevier Ltd. All rights reserved.

    Journal Title

    Computers & Security

    Volume

    23

    Issue/Number

    1

    Publication Date

    1-1-2004

    Document Type

    Article

    Language

    English

    First Page

    31

    Last Page

    42

    WOS Identifier

    WOS:000189119200019

    ISSN

    0167-4048
