Abstract:
This thesis targets network security, an essential area of computer science that has progressively gained the attention of researchers because of the concerns it raises and the potential damage to organizations. More specifically, it deals with the insider threat, which has received less attention than the external threat. Software agents that autonomously roam around the network have been used as the enabling technology in this research. Software agents are a diversified research area covering artificial intelligence, programming abstraction and distributed computing.
The literature survey of various agent platforms concluded that both agent standards, FIPA and MASIF, have their own advantages and disadvantages, but that some features are missing from both, such as security, distributed events and multicasting, which none of the available standards addresses well. There are two possible ways to approach the problem: either the two standards may be combined, or another standard may be proposed that includes all the features necessary for a true agent system.
While working on the Agent-based Security Framework, a vulnerability assessment model was first developed that presents an agent-based solution and demonstrates that both insiders and outsiders exploit the weaknesses of the system. The literature survey and the practical results of the model reveal that the insider threat is more critical than the outsider threat. During development of the vulnerability assessment model, many practical issues were identified and appropriate solutions were proposed. For the assessment, both agent platform-dependent and platform-independent approaches were used. After comparing the results of both approaches, it was proposed that qualitative, standardized and comprehensive management of the agents is only possible with established and recognized agent platforms.
Considering privacy as another component of the dissertation, the Agent-based Profiling model has been developed. The model uses an individual's personality profile to identify the real personality behind a presence in cyberspace, to guard and guide the use of internet resources, and to analyze social interactions in order to form a social community. The major indicators involved in profile generation and personality identification have been argued and implemented. The framework helps to create a virtual social community in cyberspace where users are guarded and guided to use internet resources according to their actual profiles and interests. The profiling model has been implemented in two different ways, on JADE and on the .Net framework. Test results show that the .Net framework supports many advanced tools and technologies; therefore an agent platform on top of the .Net framework is proposed for developing agent-based models.
Hence, the proposed solution to the insider threat is integrated on top of agent technology to autonomously monitor and predict human behavior. Because human behavior is difficult to predict, autonomous monitoring of user behavior is the key to avoiding the insider threat. The FIPA-compliant agent framework for profiling, ACENET (Agent Collaborative Environment based on .NET), has been developed to solve the problem. The proposed profiling framework allows anomalies in user activities to be identified either online or offline. Online monitoring is carried out in real time and is used to catch a sensitive activity started by a user against the organization's policy. Offline monitoring is carried out on a daily, weekly and monthly basis and is based on the analysis of specified factors. Both online and offline monitoring use an agent-based approach to identify anomalies in user activities.
The motivation behind the proposed model is that many procedural security measures are being taken by organizations at a lower level. This dissertation focuses on high-level security measures through a profiling-based agent system that detects the activities a user is performing in the organization and checks whether those activities are in accordance with the organization's policy. The research has been conducted on the insider threat; several issues are addressed and solutions have been provided. The major developments are: monitoring behavior, whether suspicious or normal; certifying a user's authenticity to use resources; checking the limitations of users; monitoring whether a user appears from the assigned location or not; analyzing the level of destruction caused by a user; and others.
ACENET scores every user of the organization and maintains a detailed profile. It is a cumbersome process to determine whether a legitimate user is carrying out any malicious activity; the expectation is that such activity stands out as strange when compared to the user's routine behavior. ACENET is adaptable for deployment in any organization. Agents have been designed as services on the top layers of the model. The developed agents create and maintain user profiles and monitor activities autonomously. The threats have been categorized into various classes, and agents have been designed for each category. Communication among agents takes place by message passing at the upper level, whereas internally socket-based communication is used.
To resolve conflicts between users and organizations, professional ethical issues pertaining to privacy have been addressed, and an appropriate solution has been proposed to implement the framework in accordance with recognized standards. A matrix or grid of trust levels, the 'trust grid', is designed similarly to an ACL, where diverse access privileges are assigned to different levels of users. Currently the grid is divided into two categories: Binary [access given, not given] and Gradient [strong, moderate, weak, none]. The professional issues regarding activity monitoring were studied, and it has been proposed that the organization announce in advance what can and cannot be monitored by providing a user monitoring policy. In the light of the organization's policy, a weight has been assigned to each profile attribute to identify the threat contribution of each suspicious activity and user.
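As an added illustration of the weighted-attribute scoring and the two trust-grid categories described above (example code constructed for this abstract, not ACENET's own implementation; the attribute names, policy weights, cut-offs and sample history are assumptions):

```python
"""Illustrative weighted profile scoring mapped onto a 'trust grid'. Constructed for
this abstract, not ACENET's own code; names, weights, cut-offs and data are assumed."""
from statistics import mean, pstdev

# Assumed policy weights: only attributes the organization has announced as monitored
# are listed, and anything else contributes nothing to the threat score.
POLICY_WEIGHTS = {"after_hours_logins": 3.0, "files_copied_mb": 2.0,
                  "failed_auth": 1.5, "remote_location_logins": 4.0}
# Assumed cut-offs for the Gradient category: the lower the score, the stronger the access.
GRADIENT_CUTOFFS = ((3.0, "strong"), (6.0, "moderate"), (12.0, "weak"))
BINARY_LIMIT = 10.0  # assumed: the Binary category keeps access only below this score

# Constructed routine history for one user (one value per past day) and today's values.
ALICE_HISTORY = {"after_hours_logins": [1, 1, 1, 1, 1], "files_copied_mb": [10, 30, 10, 30],
                 "failed_auth": [0, 0, 0, 0], "remote_location_logins": [0, 0, 0, 0]}
ALICE_TODAY = {"after_hours_logins": 4, "files_copied_mb": 40,
               "failed_auth": 0, "remote_location_logins": 1}

def deviation(history, attr, today):
    """Positive z-score of today's value against the user's routine; a drop below the
    baseline is not a threat, and a flat history falls back to unit spread."""
    hist = history[attr]
    spread = pstdev(hist) or 1.0
    return max(0.0, (today - mean(hist)) / spread)

def threat_contributions(history, today):
    """Per-attribute threat contribution: policy weight times deviation from routine."""
    return {attr: POLICY_WEIGHTS[attr] * deviation(history, attr, value)
            for attr, value in today.items() if attr in POLICY_WEIGHTS}

def total_threat(history, today):
    """The user's overall threat score for the observation period."""
    return sum(threat_contributions(history, today).values())

def gradient_trust(score):
    """Gradient category [strong, moderate, weak, none] derived from the threat score."""
    for cutoff, level in GRADIENT_CUTOFFS:
        if score < cutoff:
            return level
    return "none"

def binary_trust(score):
    """Binary category: True means access given, False means access not given."""
    return score < BINARY_LIMIT

if __name__ == "__main__":
    score = total_threat(ALICE_HISTORY, ALICE_TODAY)
    print(threat_contributions(ALICE_HISTORY, ALICE_TODAY), score,
          gradient_trust(score), binary_trust(score))
```

Attributes missing from the announced policy are ignored entirely, so the score only ever reflects what the user was told would be monitored.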
The Agent-based Security Framework, ACENET, was tested on real data obtained from organizations, and its performance was evaluated on the basis of specified parameters. The framework's results were analyzed against the targeted objectives. Finally, future directions for extending the framework are presented.