Arquitectura multi-agente adaptativa para la detección de ataques en entornos dinámicos y distribuidos

Bibliographic Details
Main author: Pinzón Trejos, Cristian Iván (candidate)
Other authors: Corchado Rodríguez, Juan Manuel, 1971- (advisor), Bajo Pérez, Javier, 1976- (advisor)
Format: Thesis, Book
Language: Spanish
Published: Salamanca, Spain: Universidad de Salamanca, 2010
Subjects:
Description
Summary: Distributed computing emerged within the academic and research communities in an effort to satisfy the growing need for connectivity and collaboration among the members of these communities, and has acquired great importance for the industrial and business sectors. Nowadays businesses and users depend heavily on distributed systems. However, as distributed computing becomes a relevant paradigm for business applications, new problems related to information security arise. In particular, there are different threats aimed at exploiting the vulnerabilities of the components of distributed applications. These threats mainly affect the application layer of the systems, since this layer can be considered a key point for user access and is sensitive to security problems. Two of the threats that have gained increasing relevance in recent years, especially regarding the frequency of the attacks and their impact on the functioning of the systems, are SQL injection attacks and XML-based denial-of-service attacks in web services environments (XDoS). Both types of attack are characterized by the wide variety of techniques that can be used to carry them out, and are a risk to the confidentiality and integrity of data and applications, but mainly to the availability of resources. Current security policies focus on guaranteeing the confidentiality and integrity of data, but more effort is required to guarantee the availability of resources. As it is necessary to provide new solutions to guarantee security against these types of threat, this work presents AlDeMaS, a multi-agent architecture designed for intrusion detection in distributed systems. The architecture defines different agent types that are specialized in executing the tasks that make up the attack detection process.
The core component of the AlDeMaS architecture is a classification mechanism based on a CBR-BDI agent, a deliberative agent type that integrates a case-based reasoning engine in its internal structure. Detecting SQL injection and XDoS attacks requires new solutions, and this study proposes a novel perspective in which the detection strategy can be adapted to the continuous changes in attack techniques, based mainly on the learning and adaptation capabilities of the CBR-BDI agents. Finally, to classify the attack patterns, the CBR-BDI agent incorporates automatic learning techniques in its internal structure. Machine learning is a promising field for intrusion detection and allows innovative strategies to be proposed. In summary, the proposed architecture represents a meaningful advance in the field of intrusion detection, providing a new perspective that makes use of a set of Artificial Intelligence technologies and techniques.
Notes: Doctorate in Computer Science and Automation.
Physical Description: xvi, 223 pages: illustrations, tables, graphs; 25 cm
Bibliography: Includes bibliography, pages 201-223, and appendix, pages 197-1999.
Access: Not available for home loan.