• DocumentCode
    3391988
  • Title

    Multi-agent system for security auditing and worm containment in metropolitan area networks

  • Author

    Gou, Xiantai ; Jin, Weidong

  • Author_Institution
    Sch. of Electr. Eng., Southwest Jiaotong Univ., Chengdu, China
  • fYear
    2005
  • fDate
    4-8 April 2005
  • Firstpage
    201
  • Lastpage
    207
  • Abstract
    Security auditing and worm containment are used to guarantee network security in metropolitan area networks. A multi-agent system for security auditing and worm containment in MAN (MSAWCM) is presented to audit users' accesses and provide a first-class automatic reaction mechanism that automatically applies containment strategies to prevent clean hosts from being infected by blocking the propagation of the worms. MSAWCM uses a broadband access server as an information gathering agent that uses a hardware packet filter (HPF) to get packets from the MAN. It adaptively studies and audits the accessing in the whole network and dynamically changes the working parameters to detect unknown worms. MSAWCM integrates a worm detection system (WDS) and a network management system (NMS). Reaction measures can be taken by using the SNMP interface to control the BAS as soon as the WDS detects an active worm. MSAWCM is very effective in blocking random scanning worms, which are very noisy and tend to waste a lot of network bandwidth and crash routers. Simulation results indicate that a high worm infection rate of epidemics can be avoided to a degree by MSAWCM blocking the propagation of the worms.
  • Keywords
    invasive software; metropolitan area networks; multi-agent systems; telecommunication network management; MAN; MSAWCM; SNMP interface; broadband access server; crash routers; first-class automatic reaction; hardware packet filter; information gathering agent; metropolitan area network; multiagent system; network bandwidth; network management system; network security; random scanning worm; security auditing; worm containment; worm detection system; Bandwidth; Ethernet networks; Information processing; Information security; Intelligent agent; Intelligent networks; Metropolitan area networks; Multiagent systems; Protection; Spine;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Autonomous Decentralized Systems, 2005. ISADS 2005. Proceedings
  • Print_ISBN
    0-7803-8963-8
  • Type

    conf

  • DOI
    10.1109/ISADS.2005.1452052
  • Filename
    1452052