Cougaar-Based Intrusion Detection Systems

This project involves developing a distributed security-agent framework for monitoring the Ultra*Log environment. Its purpose is to detect malfunctions, faults, abnormalities, misuse, deviations, intrusions, etc., and to take appropriate action. Accordingly, it simultaneously monitors Ultra*Log node activities at different levels (Node, Agent and Plug-In). The objective is to find correlations among the deviated values (relative to the normal or the defined policy) of the monitored parameters in order to determine specific security violations. CIDS (the Cougaar-based Intrusion Detection System) looks for deviation from the defined normal, either on the basis of low-level policy or by examining past behavior (off-line training). In this agent framework a security node consists of four different agents (Manager agent, Monitor agent, Decision agent and Action agent), and their activities are coordinated through the Manager agent while sensing, communicating and generating responses. All these functional modules work in coordination to address specific security issues of the Ultra*Log environment. The current version of CIDS (prototype 1.0) is operational and provides the basic security-agent infrastructure.
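To make the four-agent security node and its two detection modes concrete, the following is an added illustration, not code from the CIDS project or the Cougaar framework. It models one security node in plain Python: Monitor agents sense parameters at the Node, Agent and Plug-In levels, a policy detector flags values outside a defined limit, a baseline detector flags values that deviate from statistics learned off-line, the Decision agent correlates the deviations, and the Action agent picks a response, all driven by the Manager agent. The parameter names, policy limits, training history, the sample values and the cross-level correlation rule (a violation requires deviations at two or more levels in the same step) are assumptions constructed for this example.

```python
# Added illustration (not CIDS project code): a toy model of one CIDS security
# node with Manager, Monitor, Decision and Action agents. Parameter names, policy
# limits, baseline history and the correlation rule are constructed assumptions.
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Dict, List, Optional, Set, Tuple

Key = Tuple[str, str]  # (level, parameter); level is "node", "agent" or "plugin"

@dataclass
class Reading:
    level: str
    parameter: str
    value: float

@dataclass
class Deviation:
    level: str
    parameter: str
    value: float
    reason: str

class MonitorAgent:
    """Senses the parameters of one level; here fed with constructed samples."""
    def __init__(self, level: str, samples: Dict[str, List[float]]):
        self.level, self.samples = level, samples

    def sense(self, t: int) -> List[Reading]:
        return [Reading(self.level, p, series[t]) for p, series in self.samples.items()]

class PolicyDetector:
    """Deviation from a defined low-level policy: a fixed upper bound per parameter."""
    def __init__(self, limits: Dict[Key, float]):
        self.limits = limits

    def check(self, r: Reading) -> Optional[Deviation]:
        limit = self.limits.get((r.level, r.parameter))
        if limit is not None and r.value > limit:
            return Deviation(r.level, r.parameter, r.value, f"above policy limit {limit}")
        return None

class BaselineDetector:
    """Deviation from past behaviour: mean/std-dev learned off-line, k-sigma test."""
    def __init__(self, history: Dict[Key, List[float]], k: float = 3.0):
        self.k = k
        self.stats = {key: (mean(v), pstdev(v)) for key, v in history.items()}

    def check(self, r: Reading) -> Optional[Deviation]:
        if (r.level, r.parameter) not in self.stats:
            return None
        mu, sigma = self.stats[(r.level, r.parameter)]
        z = (r.value - mu) / max(sigma, 1e-9)  # guard against a constant history
        if abs(z) > self.k:
            return Deviation(r.level, r.parameter, r.value, f"{z:.1f} sigma from baseline")
        return None

class DecisionAgent:
    """Correlates deviations: a violation is declared only when deviations occur
    at min_levels distinct levels in the same sampling step (assumed rule)."""
    def __init__(self, min_levels: int = 2):
        self.min_levels = min_levels

    def decide(self, devs: List[Deviation]) -> Tuple[bool, Set[str]]:
        levels = {d.level for d in devs}
        return len(levels) >= self.min_levels, levels

class ActionAgent:
    """Chooses a response; an isolated single-level deviation is only logged."""
    def respond(self, violation: bool, devs: List[Deviation]) -> str:
        if violation:
            return "ALERT+ISOLATE"
        return "LOG" if devs else "NONE"

class ManagerAgent:
    """Coordinates one sense / detect / decide / respond cycle per step."""
    def __init__(self, monitors, detectors, decision: DecisionAgent, action: ActionAgent):
        self.monitors, self.detectors = monitors, detectors
        self.decision, self.action = decision, action

    def step(self, t: int) -> dict:
        readings = [r for m in self.monitors for r in m.sense(t)]
        devs = [d for r in readings for det in self.detectors
                for d in [det.check(r)] if d is not None]
        violation, levels = self.decision.decide(devs)
        return {"t": t, "deviations": devs, "levels": levels,
                "violation": violation, "action": self.action.respond(violation, devs)}

def run_demo() -> List[dict]:
    # Constructed off-line training history (normal behaviour) per level/parameter.
    history = {("node", "cpu_load"): [0.20, 0.25, 0.30, 0.22, 0.28],
               ("agent", "msg_rate"): [10, 12, 11, 9, 13],
               ("plugin", "exec_time_ms"): [5, 6, 5, 7, 6]}
    # Constructed policy limits; the plug-in parameter has no policy, only a baseline.
    limits = {("node", "cpu_load"): 0.9, ("agent", "msg_rate"): 50}
    # Constructed samples: t=0 normal, t=1 node-only spike, t=2 deviations at all levels.
    monitors = [MonitorAgent("node", {"cpu_load": [0.26, 0.95, 0.95]}),
                MonitorAgent("agent", {"msg_rate": [11, 11, 60]}),
                MonitorAgent("plugin", {"exec_time_ms": [6, 6, 40]})]
    manager = ManagerAgent(monitors, [PolicyDetector(limits), BaselineDetector(history)],
                           DecisionAgent(min_levels=2), ActionAgent())
    return [manager.step(t) for t in range(3)]

if __name__ == "__main__":
    for result in run_demo():
        print(result["t"], result["action"], [d.reason for d in result["deviations"]])
```

Running the demo shows the point of the correlation step: at t=1 the node-level CPU spike trips both the policy and the baseline detector, but since only one level deviates the node merely logs it; at t=2 the node, agent and plug-in levels all deviate in the same step, which the Decision agent treats as a security violation and the Action agent escalates.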