Intelligent programs protect computer environment
In the past, the idea of crime would bring to mind the image of a burglar breaking into your house or stealing your car. Nowadays, criminals use computers to commit crimes  25.11.2008
In the past, the idea of crime would bring to mind the image of a burglar breaking into your house or stealing your car. Nowadays, criminals use computers to commit crimes. Whether someone is across the street or 500 km away, state-of-the-art technology has made it easier for criminals to invade your privacy. Researchers from Carlos III University of Madrid (UC3M) in Spain have devised a system that can both detect intrusions made via computers and kick-start an automated response.

Intrusion detection systems (IDSs) are security tools aimed at monitoring computer systems for any suspicious events. The device is a 'multi-agent system' made up of coordinated autonomous agents that interact with each other with respect to a set of software attributes such as predictability and adaptability.

In order to block any intrusion, the device effectively spots these events and then automatically establishes whether any action should be taken. 'Both these are desirable features in an IDS,' explained Professor Agustin Orfila of UC3M's Department of Informatics.

Current data show that Spain lacks the capacity many other countries have: to launch advanced investigations in multi-agent architectures for IDSs.

For this study, the Spanish team sought to use deliberative agents that are able to adapt to their surroundings and take into account past successes independently: in this way, it can be ascertained whether a response is actually needed when facing a suspicious event, the researcher explained.

The use of a 'quantitative model that weighs the loss that an intrusion would provoke against the cost of taking responsive action' makes this possible, Professor Orfila said. The result is that the IDS multi-agent figures out which system configuration should be used for each event, and determines whether a response is correct or not. This move quantifies the IDS's support of the decision made.

Research has shown that 'port scan attack' (i.e. when someone looks for open ports) and denial-of-service attack are the most common types of intrusion attack. Hackers can then gain unlimited access to targeted computers and try to access them remotely, experts have said.

The US-based National Institute of Standards and Technologies says, 'Intrusion detection is the process of detecting unauthorised use of, or attack upon, a computer or network. IDSs are software or hardware systems that detect such misuse.'

An agent should be imparted with capabilities like adaptation, reactivity and even being able to represent a person, Professor Orfila underlined. 'In this way, the IDS multi-agent architecture allows us to distribute the detection load and better coordinate the process, with the consequence of accomplishing a more efficient detection,' he added.

The best candidates to use the system would be security administrators, because 'it would allow them to quantify the value that the IDS attaches to its decisions and moreover, it would indicate how to adequately tune the IDS to its environment,' Professor Orfila said.

The researcher noted, however, that the IDS would have to be adapted to the traffic of the real network in order to be put into action. The system would also need to be trained for the secure surroundings, and its use would have to be assessed in this real environment.

This study was published in the journal Computer Communication.
For more information, please visit:

Carlos III University of Madrid

Computer Communication
Related stories: 29309
Category: Miscellaneous
Data Source Provider: Carlos III University of Madrid; Computer Communication
Document Reference: Based on information from Carlos III University of Madrid
Subject Index: Information and communication technology applications ; Scientific Research