The increasing complexity of network threats has made the integration and cooperation of multiple security monitoring technologies necessary in network security defense. However, most existing work has focused on specific monitoring technologies such as intrusion detection, and studies of integrated security monitoring systems are quite insufficient. In this paper, a novel formal model called MCSM (Multi-agent Cooperation model for Security Monitoring based on knowledge) is proposed. In MCSM, integrated security monitoring is modeled as an FSA (Finite State Automaton) with multiple agents, and a general knowledge structure for multiple agents is constructed. We have successfully developed an IMS (Integrated Monitoring System) called ACT-BroSA (Broad-spectrum security Scan and Analysis system) based on MCSM. Experimental results show that the integrated monitoring capability is significantly improved.