Agents in Security: A Look at the Use of Agents in Host-Based Monitoring and Protection and Network Intrusion Detection

Theodor Richardson
ISBN13: 9781605662367 | ISBN10: 1605662364 | EISBN13: 9781605662374
DOI: 10.4018/978-1-60566-236-7.ch022
MLA

Richardson, Theodor. "Agents in Security: A Look at the Use of Agents in Host-Based Monitoring and Protection and Network Intrusion Detection." Handbook of Research on Agent-Based Societies: Social and Cultural Interactions, edited by Goran Trajkovski and Samuel G. Collins, IGI Global, 2009, pp. 325-340. https://doi.org/10.4018/978-1-60566-236-7.ch022

APA

Richardson, T. (2009). Agents in Security: A Look at the Use of Agents in Host-Based Monitoring and Protection and Network Intrusion Detection. In G. Trajkovski & S. Collins (Eds.), Handbook of Research on Agent-Based Societies: Social and Cultural Interactions (pp. 325-340). IGI Global. https://doi.org/10.4018/978-1-60566-236-7.ch022

Chicago

Richardson, Theodor. "Agents in Security: A Look at the Use of Agents in Host-Based Monitoring and Protection and Network Intrusion Detection." In Handbook of Research on Agent-Based Societies: Social and Cultural Interactions, edited by Goran Trajkovski and Samuel G. Collins, 325-340. Hershey, PA: IGI Global, 2009. https://doi.org/10.4018/978-1-60566-236-7.ch022

Abstract

Network Intrusion Detection Systems (NIDS) are designed to differentiate malicious traffic from normal traffic on a network system in order to detect the presence of an attack. Traditionally, the approach around which these systems are designed is based upon an assumption made by Dorothy Denning in 1987, stating that malicious traffic should be statistically differentiable from normal traffic. However, this statement was made regarding host systems and was not meant to be extended without adjustment to network systems. It is therefore necessary to change the granularity of this approach to find statistical anomalies per host as well as on the network as a whole. This approach lends itself well to the use of emergent monitoring agents per host that report to a central aggregation point with a visualization of the network as a whole. This chapter will discuss the structure, training, and deployment of such an agent-based intrusion detection system and analyze its viability in comparison to the more traditional anomaly-based approach to intrusion detection.
