О применении интеллектуальных технологий в мониторинге компьютерных сетей

В статье рассматриваются некоторые вопросы применения интеллектуальных технологий в сетевом мониторинге компьютерных сетей (КС), которые являются очень важными дополнениями к системам сетевого мониторинга. А именно вопросы использования мобильных агентов в системах сетевого мониторинга и управления КС, а также методов машинного обучения для классификации сетевого трафика КС.In this article some issues of application of intelligent technologies at the network monitoring of computer networks (CN) are discussed, which are very important additions to the network monitoring systems. Namely, using of mobile agents in the network monitoring systems and management of CN, as well as methods of machine learning for classification of CN network traffic

Securing mobile agent in hostile environment.

by Mo Chun Man.Thesis (M.Phil.)--Chinese University of Hong Kong, 2001.Includes bibliographical references (leaves 72-80).Abstracts in English and Chinese.Chapter 1 --- INTRODUCTION --- p.1Chapter 1.1 --- The Mobile Agents --- p.2Chapter 1.2 --- The Mobile Agent Paradigm --- p.4Chapter 1.2.1 --- Initiatives --- p.5Chapter 1.2.2 --- Applications --- p.7Chapter 1.3 --- The Mobile Agent S ystem --- p.8Chapter 1.4 --- Security in Mobile Agent System --- p.9Chapter 1.5 --- Thesis Organization --- p.11Chapter 2 --- BACKGROUND AND FOUNDATIONS --- p.12Chapter 2.1 --- Encryption/Decryption --- p.12Chapter 2.2 --- One-way Hash Function --- p.13Chapter 2.3 --- Message Authentication Code (MAC) --- p.13Chapter 2.4 --- Homomorphic Encryption Scheme --- p.14Chapter 2.5 --- One-Round Oblivious Transfer --- p.14Chapter 2.6 --- Polynomial-time Algorithms --- p.14Chapter 2.7 --- Circuit --- p.15Chapter 3 --- SURVEY OF PROTECTION SCHEMES ON MOBILE AGENTS --- p.16Chapter 3.1 --- Introduction --- p.16Chapter 3.2 --- Detection Approaches --- p.17Chapter 3.2.1 --- Execution Traces --- p.17Chapter 3.2.2 --- Partial Result Encapsulation --- p.18Chapter 3.2.3 --- State Appraisal --- p.20Chapter 3.3 --- Prevention Approaches --- p.20Chapter 3.3.1 --- Sliding Encryption --- p.20Chapter 3.3.2 --- Tamper-resistant Hardware --- p.21Chapter 3.3.3 --- Multi-agent Cooperation --- p.22Chapter 3.3.4 --- Code Obfuscation --- p.23Chapter 3.3.5 --- Intention Spreading and Shrinking --- p.26Chapter 3.3.6 --- Encrypted Function Evaluation --- p.26Chapter 3.3.7 --- Black Box Test Prevention --- p.27Chapter 3.4 --- Chapter Summary --- p.29Chapter 4 --- TAXONOMY OF ATTACKS --- p.30Chapter 4.1 --- Introduction --- p.30Chapter 4.2 --- Whatis attack? --- p.31Chapter 4.3 --- How can attacks be done? --- p.32Chapter 4.4 --- Taxonomy of Attacks --- p.33Chapter 4.4.1 --- Purposeful Attack --- p.33Chapter 4.4.2 --- Frivolous Attack --- p.36Chapter 4.4.3 --- The Full Taxonomy --- p.38Chapter 4.5 --- Using the Taxonomy --- p.38Chapter 4.5.1 --- Match to Existing Protection Schemes --- p.38Chapter 4.5.2 --- Insight to Potential Protection Schemes --- p.41Chapter 4.6 --- Chapter Summary --- p.42Chapter 5 --- PROTECTION FOR REACTIVE MOBILE AGENTS --- p.43Chapter 5.1 --- Introduction --- p.43Chapter 5.2 --- The Model --- p.45Chapter 5.2.1 --- The Non-reactive and Reactive Mobile Agent Model --- p.45Chapter 5.2.2 --- The Computation Flow --- p.47Chapter 5.2.3 --- An Example --- p.49Chapter 5.3 --- tools --- p.51Chapter 5.3.1 --- Encrypted Circuit Construction --- p.51Chapter 5.3.2 --- Circuit Cascading --- p.53Chapter 5.4 --- Proposed Protection Scheme --- p.54Chapter 5.4.1 --- Two-hop Protocol --- p.55Chapter 5.4.2 --- Multi-hop Protocol --- p.60Chapter 5.5 --- Security Analysis --- p.60Chapter 5.5.1 --- Security under Purposeful Attacks --- p.61Chapter 5.5.2 --- Security under Frivolous Attacks --- p.62Chapter 5.6 --- Improvements --- p.62Chapter 5.6.1 --- Basic Idea --- p.63Chapter 5.6.2 --- Input Retrieval Protocol --- p.63Chapter 5.6.3 --- Combating Frivolous Attacks --- p.65Chapter 5.7 --- Further Considerations --- p.66Chapter 5.8 --- Chapter Summary --- p.67Chapter 6 --- CONCLUSIONS --- p.68APPENDIX --- p.71BIBLIOGRAPHY --- p.7

Architectural components for the efficient design of mobile agent systems

Over the past eighteen months, there has been a renewed interest in mobile agent technology due to the continued exponential growth of Internet applications, the establishment of open standards for these applications, as well as the semantic web developments. However, the lack of a standardised programming model addressing all aspects of mobile agent systems prevents widespread deployment of the potentially useful technology. The architectural requirements dealing with all aspects of a mobile agent system are not clearly stipulated. As a result, the commercially available mobile agent systems and mobile agent tool kits address different mobile agent issues, and little reuse of available technologies and architectures takes place. The purpose of this paper is to describe an architectural model that identifies the components representing the essential aspects of a mobile agent system. Due to the intensive nature of development, implementation and testing of this model, we describe preliminary work. However, in the meanwhile, there are benefits associated with this preliminary model, namely that it provides a clear understanding of the architectural issues of mobile agent computing, giving novice researchers and practitioners who enters the field for the first time a foundation for making sensible decisions when researching, designing and developing mobile agents. The model is also significant in that it provides a benchmark for researchers and developers to measure the capabilities of mobile agents created by commercially available tool kits.Mobile Agent Systems, Software architecture modelSchool of Computin

Multi-agent system security for mobile communication

This thesis investigates security in multi-agent systems for mobile communication. Mobile as well as non-mobile agent technology is addressed. A general security analysis based on properties of agents and multi-agent systems is presented along with an overview of security measures applicable to multi-agent systems, and in particular to mobile agent systems. A security architecture, designed for deployment of agent technology in a mobile communication environment, is presented. The security architecture allows modelling of interactions at all levels within a mobile communication system. This architecture is used as the basis for describing security services and mechanisms for a multi-agent system. It is shown how security mechanisms can be used in an agent system, with emphasis on secure agent communication. Mobile agents are vulnerable to attacks from the hosts on which they are executing. Two methods for dealing with threats posed by malicious hosts to a trading agent are presented. The rst approach uses a threshold scheme and multiple mobile agents to minimise the eect of malicious hosts. The second introduces trusted nodes into the infrastructure. Undetachable signatures have been proposed as a way to limit the damage a malicious host can do by misusing a signature key carried by a mobile agent. This thesis proposes an alternative scheme based on conventional signatures and public key certicates. Threshold signatures can be used in a mobile agent scenario to spread the risk between several agents and thereby overcome the threats posed by individual malicious hosts. An alternative to threshold signatures, based on conventional signatures, achieving comparable security guarantees with potential practical advantages compared to a threshold scheme is proposed in this thesis. Undetachable signatures and threshold signatures are both concepts applicable to mobile agents. This thesis proposes a technique combining the two schemes to achieve undetachable threshold signatures. This thesis denes the concept of certicate translation, which allows an agent to have one certicate translated into another format if so required, and thereby save storage space as well as being able to cope with a certicate format not foreseen at the time the agent was created

Secure execution of mobile agents on open networks using cooperative agents.

Yu Chiu-Man.Thesis (M.Phil.)--Chinese University of Hong Kong, 2002.Includes bibliographical references (leaves 93-96).Abstracts in English and Chinese.Abstract --- p.iAcknowledgements --- p.iiChapter 1 --- Introduction --- p.1Chapter 1.1 --- Advantages of mobile agents --- p.2Chapter 1.2 --- Security --- p.3Chapter 1.3 --- Contributions --- p.3Chapter 1.4 --- Structure --- p.4Chapter 2 --- The Problem of Execution Tampering Attack --- p.5Chapter 2.1 --- Mobile agent execution model --- p.5Chapter 2.2 --- Tampering attack from malicious hosts --- p.5Chapter 2.3 --- Open network environment --- p.6Chapter 2.4 --- Conclusion --- p.6Chapter 3 --- Existing Approaches to Solve the Execution Tampering Prob- lem --- p.8Chapter 3.1 --- Introduction --- p.8Chapter 3.2 --- Trusted execution environment --- p.9Chapter 3.2.1 --- Closed system --- p.9Chapter 3.2.2 --- Trusted hardware --- p.9Chapter 3.3 --- Tamper-detection --- p.11Chapter 3.3.1 --- Execution tracing --- p.11Chapter 3.4 --- Tamper-prevention --- p.12Chapter 3.4.1 --- Blackbox security --- p.12Chapter 3.4.2 --- Time limited blackbox --- p.13Chapter 3.4.3 --- Agent mess-up --- p.15Chapter 3.4.4 --- Addition of noisy code --- p.15Chapter 3.4.5 --- Co-operating agents --- p.16Chapter 3.5 --- Conclusion --- p.17Chapter 4 --- Tamper-Detection Mechanism of Our Protocol --- p.18Chapter 4.1 --- Introduction --- p.18Chapter 4.2 --- Execution tracing --- p.18Chapter 4.3 --- Code obfuscation --- p.21Chapter 4.3.1 --- Resilience of obfuscating transformation --- p.22Chapter 4.4 --- Execution tracing with obfuscated program --- p.23Chapter 4.5 --- Conclusion --- p.27Chapter 5 --- A Flexible Tamper-Detection Protocol by Using Cooperating Agents --- p.28Chapter 5.1 --- Introduction --- p.28Chapter 5.1.1 --- Agent model --- p.29Chapter 5.1.2 --- Execution model --- p.30Chapter 5.1.3 --- System model --- p.30Chapter 5.1.4 --- Failure model --- p.30Chapter 5.2 --- The tamper-detection protocol --- p.30Chapter 5.3 --- Fault-tolerance policy --- p.38Chapter 5.4 --- Costs of the protocol --- p.38Chapter 5.5 --- Discussion --- p.40Chapter 5.6 --- Conclusion --- p.42Chapter 6 --- Verification of the Protocol by BAN Logic --- p.43Chapter 6.1 --- Introduction --- p.43Chapter 6.2 --- Modifications to BAN logic --- p.44Chapter 6.3 --- Term definitions --- p.45Chapter 6.4 --- Modeling of our tamper-detection protocol --- p.46Chapter 6.5 --- Goals --- p.47Chapter 6.6 --- Sub-goals --- p.48Chapter 6.7 --- Assumptions --- p.48Chapter 6.8 --- Verification --- p.49Chapter 6.9 --- Conclusion --- p.53Chapter 7 --- Experimental Results Related to the Protocol --- p.54Chapter 7.1 --- Introduction --- p.54Chapter 7.2 --- Experiment environment --- p.54Chapter 7.3 --- Experiment procedures --- p.55Chapter 7.4 --- Experiment implementation --- p.56Chapter 7.5 --- Experimental results --- p.61Chapter 7.6 --- Conclusion --- p.65Chapter 8 --- Extension to Solve the ´حFake Honest Host´ح Problem --- p.68Chapter 8.1 --- Introduction --- p.68Chapter 8.2 --- "The method to solve the ""fake honest host"" problem" --- p.69Chapter 8.2.1 --- Basic idea --- p.69Chapter 8.2.2 --- Description of the method --- p.69Chapter 8.3 --- Conclusion --- p.71Chapter 9 --- Performance Improvement by Program Slicing --- p.73Chapter 9.1 --- Introduction --- p.73Chapter 9.2 --- Deployment of program slicing --- p.73Chapter 9.3 --- Conclusion --- p.75Chapter 10 --- Increase Scalability by Supporting Multiple Mobile Agents --- p.76Chapter 10.1 --- Introduction --- p.76Chapter 10.2 --- Supporting multiple mobile agents --- p.76Chapter 10.3 --- Conclusion --- p.78Chapter 11 --- Deployment of Trust Relationship in the Protocol --- p.79Chapter 11.1 --- Introduction --- p.79Chapter 11.2 --- Deployment of trust relationship --- p.79Chapter 11.3 --- Conclusion --- p.82Chapter 12 --- Conclusions and Future Work --- p.83A Data of Experimental Results --- p.86Publication --- p.92Bibliography --- p.9

A framework for the protection of mobile agents against malicious hosts

The mobility attribute of a mobile agent implies deployment thereof in untrustworthy environments, which introduces malicious host threats. The research question deals with how a security framework could be constructed to address the mentioned threats without introducing high costs or restraining the mobile agent's autonomy or performance. Available literature have been studied, analysed and discussed. The salient characteristics as well as the drawbacks of current solutions were isolated. Through this knowledge a dynamic mobile agent security framework was defined. The framework is based on the definition of multiple security levels, depending on type of deployment environment and type of application. A prototype was constructed and tested and it was found to be lightweight and efficient, giving developers insight into possible security threats as well as tools for maximum protection against malicious hosts. The framework outperformed other frameworks / models as it provides dynamic solutions without burdening a system with unnecessary security gadgets and hence paying for it in system cost and performanceComputingD.Phil

Esquema de segurança para agentes móveis em sistemas abertos

Tese (doutorado) - Universidade Federal de Santa Catarina, Centro de Tecnológico. Programa de Pós-Graduação em Engenharia ElétricaO paradigma de agentes móveis vem sendo utilizado em sistemas distribuídos, principalmente, devido a sua flexibilidade proveniente da noção de mobilidade. A capacidade para mover agentes em um sistema aberto permite o desenvolvimento de serviços e aplicações mais flexíveis e dinâmicos quando comparado com o modelo cliente-servidor. Apesar das suas vantagens, a tecnologia de agentes móveis introduz novas ameaças de segurança ao sistema que, muitas vezes, impedem a sua ampla aceitação. Esta tese propõe um esquema de segurança para aplicações baseadas em agentes móveis em sistemas abertos (chamado MASS), composto de técnicas de prevenção e de detecção, que visam prover segurança para o canal de comunicação, para as plataformas de agentes e para os próprios agentes. Para ser corretamente implantado em sistemas abertos, este esquema combina os aspectos da segurança com questões de portabilidade, interoperabilidade, escalabilidade, compatibilidade, simplicidade e desempenho. As técnicas disponíveis no MASS estão baseadas na infra-estrutura SPKI, no conceito de Federação SPKI e em protocolos criptográficos. Para atender às necessidades específicas de aplicações, este esquema é flexível de modo que o mesmo pode ser especializado através da seleção de um subconjunto de mecanismos. Ainda neste trabalho, um protótipo foi definido, implementado e integrado a uma aplicação distribuída de forma a comprovar a sua flexibilidade e viabilidade de uso em sistemas abertos