An intelligent agent approach for security management

Boudaoud, Karima; Foukia, Noria; Guessoum, Zahia
HP-OVUA, 7th Plenary Workshop HP Openview University Association, June 12-14, 2000, Santorini, Greece

Nowadays, the number of individual users, government agencies and companies with Internet access is expanding rapidly, and many of them have a Web site. As a result, businesses are enthusiastic about setting up facilities on the Web for electronic commerce. But this openness of business toward the Internet comes at the price of high security risks. Every professional knows that the only way to completely secure a private network is to make it unreachable. However, even though this solution was used for many years, today it is not possible to close off a private network, especially for business purposes. As businesses wake up to this reality, the demand for secure Web services becomes an important issue that must be considered carefully. Our work focuses on one critical security management issue: intrusion detection. Some drawbacks of existing systems reveal the necessity of designing a new generation of self-adaptive systems. In fact, self-control, flexibility, adaptability, autonomy and distribution are the main features to be addressed in a suitable architecture that fulfills these requirements. The introduction of a multi-agent system (MAS) in a network seems promising for enabling network entities to exhibit adaptive and "intelligent" behavior. "Intelligence" means that network entities provide reasoning capabilities and exhibit autonomy, adaptability, interaction, communication and co-operation in order to reach specified goals. In this context, we propose a new approach for intrusion detection using intelligent agent (IA) technology. This approach appears to be an appropriate candidate for striking a balance between security requirements, system flexibility and adaptability for intrusion detection.
Our paper investigates some scenarios using IA technology in the context of security management. It is organized as follows. The first part gives an overview of frequent and recent attacks that target e-commerce servers. The multi-agent architecture for intrusion detection and the intelligent agent model are described in the second part. In the third part, we give an overall description of DIMA*, the operational multi-agent platform we used for the implementation of our intelligent agents. In the fourth part, we present a case study using our proposed IA architecture to detect an ICMP flooding attack on a web server.


Type: Conference
City: Santorini
Date: 2000-06-14
Department: Digital Security
Eurecom Ref: 408

PERMALINK : https://www.eurecom.fr/publication/408