Multi-step scenario matching based on unification
This paper presents an approach to multi-step scenario specification and matching, which aims to address some of the issues and problems inherent in scenario specification and event correlation found in most previous work. Our approach builds upon the unification algorithm, which we have adapted to provide a seamless, integrated mechanism and framework to handle event matching, filtering, and correlation. Scenario specifications using our framework need to contain only a definition of the misuse activity to be matched. This characteristic differentiates our work from most of the previous work, which generally requires scenario specifications also to include additional information regarding how to detect the misuse activity. In this paper we present a prototype implementation which demonstrates the effectiveness of the unification-based approach and our scenario specification framework. Also, we evaluate the practical usability of the approac
A Methodology for Modelling Mobile Agent-Based Systems (Mobile agent Mobility Methodology - MaMM)
Mobile agents are a particular type of agent that have all the characteristics of an agent and also demonstrate the ability to move or migrate from one node to another in a network environment. Mobile agents have received considerable attention from industry and the research community in recent times because their special characteristic of migration helps address issues such as network overload, network latency and protocol encapsulation. Due to the current focus on exploiting agent technology mainly in a research environment, there has been an influx of software engineering methodologies for developing multi-agent systems. However, little attention has been given to modelling mobile agents. For mobile agent-based systems to become more widely accepted, there is a critical need for a methodology to be developed to address the various issues related to modelling the mobility of agents. This research study provides an overview of the current approaches, methodologies and modelling languages that can be used for developing multi-agent systems. The overview indicates extensive research on methodologies for modelling multi-agent systems and little on mobility in mobile agent-based systems. An original contribution of this research, known as the Mobile agent-based Mobility Methodology (MaMM), is a methodology for modelling mobility in mobile agent-based systems using the underlying principles of Genetic Algorithms (GA), with emphasis on fitness functions and genetic representation. A Delphi study and case studies were employed in carrying out this research.
An examination of the Asus WL-HDD 2.5 as a nepenthes malware collector
The Linksys WRT54g has been used as a host for network forensics tools such as Snort for a long period of time. Whilst large corporations are already utilising network forensic tools, this paper demonstrates that it is quite feasible for a non-security specialist to track and capture malicious network traffic. This paper introduces the Asus Wireless Hard disk as a replacement for the popular Linksys WRT54g. Firstly, the Linksys router is introduced, detailing some of the research that was undertaken on the device over the years amongst the security community. The paper then briefly discusses malicious software and the impact this may have for a home user. It then outlines the trivial steps in setting up Nepenthes 0.1.7 (a malware collector) on the Asus WL-HDD 2.5 according to the Nepenthes documentation and tests the feasibility of running the malware collector on the selected device. The paper concludes by discussing the limitations of the device when attempting to execute Nepenthes.