Title
Mitigation Of Network Tampering Using Dynamic Dispatch Of Mobile Agents
Keywords
File integrity analyzers; Host-based security with network components; Insider risks; Mobile agent behaviours; Tampering modes
Abstract
Detection of malicious activity by insiders, people with legitimate access to resources and services, is particularly difficult in a network environment. In this paper, a novel classification of tampering modes is identified that can be undertaken by insiders against network Intrusion Detection Systems (IDSs). Five categories of tampering modes are defined as spoofing, termination, sidetracking, alteration of internal data, and selective deception. These are further distinguished specifically toward IDS sensor, control, and alarm categories such as spoonfeeding, sugarcoating, and scapegoating. The Collaborative Object Notification Framework for Insider Defense using Autonomous Network Transactions, or CONFIDANT, uses distributed mobile agents to mitigate these tampering exposures. CONFIDANT employs techniques such as encapsulation, redundancy, scrambling, and mandatory obsolescence. This paper describes how these mitigation techniques are applied within the CONFIDANT framework. The approach focuses on evaluating file integrity through the use of dynamically dispatched mobile agents. © 2004 Elsevier Ltd. All rights reserved.
Publication Date
2-1-2004
Publication Title
Computers and Security
Volume
23
Issue
1
Number of Pages
31-42
Document Type
Article
Personal Identifier
scopus
DOI Link
https://doi.org/10.1016/S0167-4048(04)00068-9
Copyright Status
Unknown
Scopus ID
1242263788 (Scopus)
Source API URL
https://api.elsevier.com/content/abstract/scopus_id/1242263788
STARS Citation
DeMara, Ronald F. and Rocke, Adam J., "Mitigation Of Network Tampering Using Dynamic Dispatch Of Mobile Agents" (2004). Scopus Export 2000s. 5297.
https://stars.library.ucf.edu/scopus2000/5297