One of the important tasks of a system administrator is to monitor networks to ensure proper system operation and to protect system resources from being misused by intruders or attackers. This typically involves monitoring for inconsistencies in user activities, resource usage, and system configuration, and enforcing security policies. A large enterprise network typically consists of hundreds of nodes and resources with varying degrees of heterogeneity in the hardware and software used. The difficulties in monitoring these networks led us to identify the following requirements for a monitoring system.

- The monitoring functionality may need to change due to hardware or software reconfiguration, changes in administrative policy, and the addition of new monitoring tools. It should also be possible to enhance the monitoring system's capabilities in response to new attacks. This requires the monitoring system to be dynamically configurable and dynamically extensible.
- The huge amount of data generated by the various nodes and resources needs to be analyzed in real time to detect attacks and to alter the monitoring system's detection policies. We call this active monitoring.
- The monitoring system must be scalable as the number of nodes in the network increases.
- As network monitoring employs different kinds of tools, a monitoring system should be able to integrate such tools easily.
- Attacks could be launched against the monitoring system itself, hence it should be secure.
- A monitoring system needs to run continuously, so that there is less opportunity for attackers to bypass it. For this, it has to detect the failure of its components and restore them with minimal human intervention.
- The monitoring system should not hinder the normal operation of the environment in which it is deployed, hence its resource consumption should be within acceptable limits.

In our research, a mobile-agent based approach is used because it provides several capabilities: local monitoring to overcome network latency and reduce network load, asynchronous execution, disconnected and autonomous operation, and dynamic adaptability. A mobile agent is an object capable of migrating through a network to perform designated tasks at one or more nodes. In our monitoring system, mobile agents are sent to monitor nodes in the network continuously, perform data filtering locally, and notify other system components of any significant events. Because mobile agents are first-class objects, their state and behavior can be altered remotely by invoking methods on them. These features are used to make the mobile agents dynamically extensible and securely modifiable.
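
The following is an added illustration, not code from the Ajanta project: a stand-alone, hypothetical monitoring agent that filters a node's log lines locally, sends only significant events (a source crossing a failed-login threshold) to the central monitor, and has its detection policy changed at run time through a method call, as the paragraph above describes. The log lines, host and address values are constructed sample data.

```python
from collections import defaultdict

# Constructed sample of sshd log lines as seen on one monitored node.
SAMPLE_LOG = [
    "Feb 10 12:01:03 host1 sshd[411]: Failed password for root from 10.0.0.5",
    "Feb 10 12:01:05 host1 sshd[411]: Failed password for root from 10.0.0.5",
    "Feb 10 12:01:09 host1 sshd[412]: Accepted password for alice from 10.0.0.7",
    "Feb 10 12:01:11 host1 sshd[413]: Failed password for root from 10.0.0.5",
    "Feb 10 12:01:20 host1 sshd[414]: Failed password for bob from 10.0.0.9",
]


class MonitorAgent:
    """Hypothetical agent resident on a node: filters locally, reports only events."""

    def __init__(self, node, threshold=3):
        self.node = node
        self.threshold = threshold        # detection policy, alterable at run time
        self.failures = defaultdict(int)  # failed logins counted per source address
        self.reported = set()             # sources already notified, avoids duplicates
        self.notifications = []           # what would be sent to the central monitor

    def set_threshold(self, n):
        """Method invoked remotely to change the policy (dynamic configurability)."""
        self.threshold = n
        self._recheck()  # a tightened policy may make already-seen data significant

    def observe(self, line):
        """Consume one log line locally; raw lines never leave the node."""
        if "Failed password" in line:
            src = line.rsplit("from ", 1)[1]
            self.failures[src] += 1
            self._recheck()

    def _recheck(self):
        for src, count in self.failures.items():
            if count >= self.threshold and src not in self.reported:
                self.reported.add(src)
                self.notifications.append((self.node, src, count))


def run_demo():
    """Returns notifications before and after a remote policy change."""
    agent = MonitorAgent("host1", threshold=3)
    for line in SAMPLE_LOG:
        agent.observe(line)
    before = list(agent.notifications)  # only 10.0.0.5 reached 3 failures
    agent.set_threshold(1)              # tighten policy remotely; 10.0.0.9 now reported
    return before, list(agent.notifications)


if __name__ == "__main__":
    print(run_demo())
```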

Sponsors

National Science Foundation (NSF) Grant: ANIR 9813703 and ANI 0087514


This page was last modified on: Monday, February 10, 2003 12:20 PM