Trapping, blocking and redirection of network security attacks against a network using a community of intelligent agents

  • Authors:
  • Tamer A. Da Silva; Robson De O. Albuquerque; Fábio M. Buiati; Ricardo S. Puttini; Rafael T. De Sousa, Jr.

  • Affiliations:
  • Departamento de Engenharia Elétrica e Redes de Comunicação, Universidade de Brasília, Brasília, DF, Brasil (all authors)

  • Venue:
  • ICAI'05/MCBC'05/AMTA'05/MCBE'05 Proceedings of the 6th WSEAS international conference on Automation & information, and 6th WSEAS international conference on mathematics and computers in biology and chemistry, and 6th WSEAS international conference on acoustics and music: theory and applications, and 6th WSEAS international conference on Mathematics and computers in business and economics
  • Year:
  • 2005

Abstract

Computer network attack analysis is one of a security expert's tasks; it seeks to improve knowledge in order to find better ways of defending networks and to gather evidence capable of solving digital crimes. Honeypot usage is one possible way to achieve this objective. New technologies enable honeypots to be accessed through traffic redirection, where suspected actions are quietly forwarded from the production environment to the honeypot environment, protecting the production servers. However, currently developed solutions have limitations: they do not consider requirements that would enable this technology to be widely used beyond academic and scientific environments. This paper proposes a system based on a community of collaborative agents that takes decisions based on attacks detected by an intrusion detection system protecting the target computer in the production network, redirecting the suspected traffic to a similar computer in a honeynet. To evaluate the system, an environment was created and various attacks were simulated on it.