A mobile-agent based distributed dynamic μFirewall architecture

Author

Xian, Feng ; Jin, Hai ; Liu, Ke ; Han, Zongfen

Author_Institution

Internet & Cluster Comput. Center, Huazhong Univ. of Sci. & Technol., Wuhan, China

fYear

2002

fDate

17-20 Dec. 2002

Firstpage

431

Lastpage

436

Abstract

With the development of enterprise Intranet and cluster servers, many emerging security challenges could not be solved by conventional firewall due to its inner deficiency. To address these security problems, we present a mobile-agent based distributed dynamic μFirewall architecture. In this architecture, special mobile agents implement a dynamic security policy reconfiguration and enhance the scalability. Each μFirewall is built with a packet filter and DTE-enhanced evaluator to provide dual fine-grain protection at the individual host level. A distributed intrusion detection and response (DIDR) system provides a fast response to both external and internal attacks, and allows an adaptive change in the security policy in the protected network. The DIDR system provides the infrastructure to support hierarchical intrusion responses and dynamic security capabilities. The distributed security architecture is scalable, topology independent, and intrusion-tolerant.

Keywords

authorisation; distributed processing; local area networks; mobile agents; parallel architectures; security of data; μFirewall architecture; distributed dynamic architecture; distributed intrusion detection response system; domain type enforcement; dynamic security policy; enterprise Intranet; firewalls; mobile agents; scalability; Computer architecture; Filters; Internet; Intrusion detection; Mobile agents; Mobile computing; Network topology; Protection; Scalability; Web server;

fLanguage

English

Publisher

ieee

Conference_Titel

Parallel and Distributed Systems, 2002. Proceedings. Ninth International Conference on

ISSN

1521-9097

Print_ISBN

0-7695-1760-9

Type

conf

DOI

10.1109/ICPADS.2002.1183435

Filename

1183435