Security Agents for Network Traffic Analysis

The SANTA system represents a mobile agent approach to distributed intrusion detection. This security agent framework simultaneously monitors multiple levels (packet, process, system, and user) of networked computers to determine correlation among the observed anomalous patterns, reporting such abnormal behavior to the network administrator and/or taking some action to counter a suspected security violation. In the current implementation, IBM's Aglets Software Development Kit (ASDK) is used as the base agent architecture, along with Adaptive Resonance Theory (ART-2) neural networks for network pattern classification and a fuzzy logic controller for decision/action resolution. The feasibility of this mobile security agent system is demonstrated and some preliminary results are reported. Though the long-term plan of this project is to develop an immunity-based mobile agent architecture from design principles, the use of IBM's Aglets in the current implementation is a proof of concept for an immunity-based intrusion detection system framework.
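As an added illustration (not code from the SANTA paper, and unrelated to the Aglets toolkit), the following Python sketch shows the pipeline the abstract describes: one anomaly detector per monitoring level, a deliberately minimal ART-style resonance test standing in for ART-2, and a Sugeno-style fuzzy controller that resolves the per-level novelty and its breadth across levels into a none/alert/block decision. The feature vectors and their meanings, the vigilance value, the membership functions and the rule set are all constructed assumptions; agent mobility is not modelled.

```python
"""Multi-level anomaly correlation in the spirit of the SANTA abstract.

Added example; not the paper's code. Assumptions: ART-2 is replaced by a minimal
ART-style clusterer (unit-length input, cosine match against prototypes, vigilance
as the resonance test); the fuzzy controller is Sugeno-style with triangular
memberships and weighted-average defuzzification; all sample data is constructed.
"""
import math

LEVELS = ("packet", "process", "system", "user")


def normalize(v):
    """Scale a feature vector to unit length."""
    norm = math.sqrt(sum(x * x for x in v)) or 1.0
    return [x / norm for x in v]


class ArtClusterer:
    """Minimal ART-style clusterer guarding one monitoring level."""

    def __init__(self, vigilance=0.95, learning_rate=0.5):
        self.vigilance = vigilance  # resonance threshold on the cosine match
        self.lr = learning_rate     # how far a prototype moves toward a resonating input
        self.prototypes = []        # learned categories of normal behaviour

    def present(self, vector, learn):
        """Return (resonated, best_match). While learning, an input that resonates with
        nothing opens a new category; in detection mode it is reported as novel and NOT
        learned, so a repeated attack pattern never turns into a 'normal' category."""
        x = normalize(vector)
        best, best_match = None, -1.0
        for i, p in enumerate(self.prototypes):
            match = sum(a * b for a, b in zip(x, p))  # cosine of two unit vectors
            if match > best_match:
                best, best_match = i, match
        if best is not None and best_match >= self.vigilance:
            if learn:
                moved = [(1 - self.lr) * a + self.lr * b for a, b in zip(self.prototypes[best], x)]
                self.prototypes[best] = normalize(moved)
            return True, best_match
        if learn:
            self.prototypes.append(x)
            return True, 1.0
        return False, max(best_match, 0.0)


def tri(x, a, b, c):
    """Triangular membership: 0 at a, 1 at b, 0 at c."""
    if x <= a or x >= c:
        return 0.0
    return (x - a) / (b - a) if x <= b else (c - x) / (c - b)


def ramp(x, a, b):
    """Linear ramp from 0 at a to 1 at b."""
    return min(1.0, max(0.0, (x - a) / (b - a)))


def fuzzy_action(anomaly, breadth):
    """anomaly: strongest per-level novelty in [0,1]; breadth: fraction of levels whose
    pattern failed to resonate. Returns action strength: 0 = none, 0.5 = alert, 1 = block."""
    low, medium, high = tri(anomaly, -0.4, 0.0, 0.4), tri(anomaly, 0.2, 0.5, 0.8), tri(anomaly, 0.6, 1.0, 1.4)
    many = ramp(breadth, 0.25, 0.75)  # "several levels anomalous at once"
    few = 1.0 - many
    rules = [
        (low, 0.0),              # LOW novelty                            -> do nothing
        (medium, 0.5),           # MEDIUM novelty                         -> alert the administrator
        (min(high, few), 0.5),   # HIGH novelty at one level only         -> alert (may be a local glitch)
        (min(high, many), 1.0),  # HIGH novelty correlated across levels  -> counter-action
    ]
    weight = sum(w for w, _ in rules)
    return sum(w * out for w, out in rules) / weight if weight else 0.0


def action_label(strength):
    return "block" if strength >= 0.6 else "alert" if strength >= 0.3 else "none"


class Coordinator:
    """Collects per-level verdicts and resolves them into one decision."""

    def __init__(self):
        self.agents = {level: ArtClusterer() for level in LEVELS}

    def train(self, observations):
        for level, vector in observations:
            self.agents[level].present(vector, learn=True)

    def assess(self, snapshot):
        novelty, flagged = {}, []
        for level, vector in snapshot.items():
            resonated, match = self.agents[level].present(vector, learn=False)
            novelty[level] = max(0.0, 1.0 - match)
            if not resonated:
                flagged.append(level)
        strength = fuzzy_action(max(novelty.values()), len(flagged) / len(snapshot))
        return {"novelty": novelty, "flagged": flagged, "strength": strength, "action": action_label(strength)}


# Constructed baseline; each level's samples share one direction at different scales.
NORMAL_OBSERVATIONS = [
    ("packet", [200, 10, 0]), ("packet", [400, 20, 0]),  # pkts/s, SYN/s, half-open conns
    ("process", [3, 1, 0]), ("process", [6, 2, 0]),      # new procs/min, privileged, odd parent
    ("system", [50, 2, 1]), ("system", [100, 4, 2]),     # syscalls/s, failed syscalls/s, chmods
    ("user", [20, 2, 0]), ("user", [40, 4, 0]),          # logins/h, failed logins/h, off-hours
]
QUIET = {"packet": [300, 15, 0], "process": [9, 3, 0], "system": [75, 3, 1.5], "user": [30, 3, 0]}
GUESSING = dict(QUIET, user=[2, 500, 60])                      # constructed: password guessing only
FLOOD_AND_GUESSING = dict(GUESSING, packet=[250, 3000, 2800])  # constructed: plus a SYN flood


def run_scenarios():
    """Train on the baseline, then assess the three constructed snapshots."""
    coord = Coordinator()
    coord.train(NORMAL_OBSERVATIONS)
    return {name: coord.assess(snap) for name, snap in
            [("quiet", QUIET), ("guessing", GUESSING), ("flood+guessing", FLOOD_AND_GUESSING)]}


if __name__ == "__main__":
    for name, v in run_scenarios().items():
        print(f"{name:15s} flagged={v['flagged']} strength={v['strength']:.2f} -> {v['action']}")
```

The point the controller makes is the one the abstract attributes to correlation: the same high novelty at the user level alone resolves to an alert, while the same novelty seen at both the packet and user levels resolves to a counter-action. Detection-mode inputs are never learned, which is the opposite of plain ART behaviour and is a design choice a practitioner would want: otherwise a repeated attack would quietly become its own "normal" category.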