One of the important tasks of a system administrator is to monitor
networks to ensure proper system operation and to protect
system resources from being misused by intruders or attackers. This typically involves
monitoring for inconsistencies in user activities, resource usage, and system
configuration, and enforcing security policies.
A large enterprise network typically consists of hundreds of nodes and resources with varying
degrees of heterogeneity in the hardware and software used.
The difficulties in monitoring these networks led us to identify the
following requirements in a monitoring system.
The monitoring functionality may need to be changed due to hardware or software reconfigurations,
changes in administrative policies, or the addition of new monitoring tools. Also, it should be
possible to enhance the monitoring system's capabilities in response to new attacks.
This requires the monitoring system to be dynamically configurable and
dynamically extensible.
The huge amount of data generated by the various nodes and resources needs to be
analyzed in real time to detect attacks and to alter the monitoring system's detection
policies accordingly. We call this active monitoring.
The monitoring system must also be scalable, since it has to keep up
as the number of nodes in the network increases.
As network monitoring employs different kinds of tools, a monitoring system should
be able to integrate such tools easily.
Attacks could be launched against the monitoring system itself, hence it should be secure.
A monitoring system needs to run continuously, so that there is less opportunity
for attackers to bypass it. For this, it has to
detect the failure of its components and restore them with minimal
human intervention. Also, the monitoring system should not hinder the
normal operation of the environment in which it is deployed, hence its resource consumption
should be within acceptable limits.
In our research, a mobile-agent based approach is used because it
provides several capabilities such as local monitoring to overcome network latency and reduce network load,
asynchronous execution, disconnected and autonomous operations, and dynamic adaptability.
A mobile-agent represents an object capable of migrating in a network to perform
designated tasks at one or more nodes.
In our monitoring system, mobile-agents are sent to continuously monitor
nodes in a network, perform data filtering locally, and notify other
system components of any significant events.
As mobile-agents are first-class objects, their state and behavior can be altered
remotely by invoking methods on them. These features are used for making the mobile-agents
dynamically extensible and securely modifiable.
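The following is an added illustration of the agent behaviour described above, not code from the project: an agent filters a node's events locally against a set of detection policies, reports only significant ones, and has its policies swapped at run time by invoking a method on it. The event records, the policy names and the method name install_policy are constructed for the example.

```python
from collections import Counter
from collections.abc import Callable
from dataclasses import dataclass, field

Policy = Callable[[dict], bool]  # True when an event is significant enough to report
# Constructed events, as an agent would read them from one node's local logs.
EVENTS = [
    {"type": "login_failed", "user": "alice", "src": "10.0.0.5"},
    {"type": "login_failed", "user": "alice", "src": "10.0.0.5"},
    {"type": "login_ok", "user": "bob", "src": "10.0.0.9"},
    {"type": "login_failed", "user": "alice", "src": "10.0.0.5"},
    {"type": "config_change", "user": "bob", "path": "/etc/ssh/sshd_config"},
]

def failed_login_policy(limit: int) -> Policy:
    # Report a user the moment their failed-login count on this node reaches `limit`.
    counts: Counter = Counter()
    def check(event: dict) -> bool:
        if event["type"] != "login_failed":
            return False
        counts[event["user"]] += 1
        return counts[event["user"]] == limit
    return check

def config_change_policy(allowed: set) -> Policy:
    # Report configuration changes made by any account outside `allowed`.
    return lambda event: event["type"] == "config_change" and event["user"] not in allowed

@dataclass
class MonitorAgent:
    node: str
    policies: dict[str, Policy] = field(default_factory=dict)
    notifications: list[dict] = field(default_factory=list)
    def install_policy(self, name: str, policy: Policy) -> None:
        # Hypothetical name: calling it, locally or remotely, alters the agent's behaviour in place.
        self.policies[name] = policy
    def observe(self, event: dict) -> list[dict]:
        # Filter one event locally; only policy hits leave the node as notifications.
        hits = [dict(event, node=self.node, policy=name)
                for name, policy in self.policies.items() if policy(event)]
        self.notifications.extend(hits)
        return hits

def run_demo() -> list[dict]:
    agent = MonitorAgent("host-a")
    agent.install_policy("failed_logins", failed_login_policy(limit=3))
    agent.install_policy("config_changes", config_change_policy({"root"}))
    for event in EVENTS:
        agent.observe(event)
    # Active monitoring: tighten the login threshold at runtime without redeploying the agent.
    agent.install_policy("failed_logins", failed_login_policy(limit=1))
    agent.observe({"type": "login_failed", "user": "dave", "src": "10.0.0.8"})
    return agent.notifications
```

Of the six events only three leave the node, and the last one is caught by the tightened policy that was installed while the agent kept running.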
Sponsors
National Science Foundation (NSF) Grant: ANIR 9813703 and ANI 0087514