CONFIDANT: Collaborative object notification framework for insider defense using autonomous network transactions

    Authors

    A. J. Rocke; R. F. DeMara

    Abbreviated Journal Title

    Auton. Agents Multi-Agent Syst.

    Keywords

    distributed agent control and dispatch; agent handshaking protocols; network security; intrusion detection system taxonomy; Automation & Control Systems; Computer Science, Artificial Intelligence

    Abstract

    File integrity analyzers serve as a component of an intrusion detection environment by performing filesystem inspections that verify the content of security-critical files in order to detect suspicious modification. Existing file integrity frameworks exhibit single-point-of-failure exposures. The Collaborative Object Notification Framework for Insider Defense using Autonomous Network Transactions (CONFIDANT) aims at fail-safe and trusted detection of unauthorized modifications to executable, data, and configuration files. In this paper, an IDS architecture taxonomy is proposed to classify and compare CONFIDANT with existing frameworks. The CONFIDANT file integrity verification framework is then defined and evaluated. CONFIDANT utilizes three echelons of agent interaction and four autonomous behaviors. Sensor agents in the lowest echelon comprise the sensor level; they generate an assured report of computed MD5 file digests to companion agents. At the control level, beacon agents verify file integrity based on the digests from sensor-level agents assembled over time. Upper-echelon transactions occur at the response level, where watchdog behavior agents dispatch probe agents to implement the alarm signaling protocol. CONFIDANT has been implemented in the Concordia agent environment to evaluate and refine its agent behaviors. Evaluation shows that CONFIDANT mitigates the single-point-of-failure exposures present in existing frameworks.

    Journal Title

    Autonomous Agents and Multi-Agent Systems

    Volume

    12

    Issue/Number

    1

    Publication Date

    1-1-2006

    Document Type

    Article

    Language

    English

    First Page

    93

    Last Page

    114

    WOS Identifier

    WOS:000234922800003

    ISSN

    1387-2532
