dc.description.abstract |
This thesis targets network security – an essential area of computer science, which has
gained progressively attention of researchers due to concerns and potential damages
in various organizations. More specifically, it deals with insider threat that is less
focused than the external threat. Software agents have been used as a technology in
this research that autonomously roam around network. Software agents are diversified
research area that covers artificial intelligence, programming abstraction and
distributed computing.
During literature surveys of various agent platforms it has been summed up that
both agent standards, FIPA and MASIF, have their own advantages and disadvantages
but still some missing features were pointed out such as security, distributed events
and multicasting that are not well focused at all by any of the available standards.
There are two possible ways to focus the problem, i.e. either these two standards may
be combined or another standard may be proposed to include all features necessary
for a true agent system.
While working on the Agent based Security Framework, first a vulnerability
assessment model has been developed that presents an agent based solution and
demonstrates that both insiders and outsiders exploit the weaknesses of the system.
The literature survey and the practical results of the model reveal that the insider
threat is more critical than the outsider. During development of vulnerability
assessment model many practical issues have been identified and appropriate solution
has been proposed. For the assessment, both agent platform-dependent and platform-
independent approaches were used to achieve the task. After comparing results of
both approaches, it was proposed that a qualitative, standardized and comprehensive
management of the agents is only possible with established and recognized agent
platforms.
Considering privacy as another component of dissertation, the Agent-based
Profiling model has been developed. The model considers an individual’s personality
profile to identify real personality in the cyberspace; Guard and guide to use internet
resources, and analyzing social interactions to create social community. Major
indicators involving profile generation and personality identification have been
viiiargued and implemented. The framework helps to create virtual social community in
the cyberspace where users are guarded and guided to use internet resources
according to their actual profiles and the interests. The profiling model has been
implemented in two different ways, i.e. JADE and .Net framework. Test results show
that .Net framework supports many advanced tools and technologies therefore and
agent platform on the top of the .Net framework is proposed to develop agent based
models.
Hence, the proposed solution to insider threat will be integrated on the top of
agent technology to autonomously monitor and predict human behavior. As human
behavior is difficult to predict, therefore autonomously monitoring user behavior is
the key solution to avoid insider threat. The FIPA-compliant agent framework for
profiling, ACENET (Agent Collaborative Environment based on .NET), has been
developed to solve the problem. The proposed profiling framework allows identifying
anomalies in user activities either online or offline. Online monitoring is carried out in
real time that is used to catch the sensitive activity started by user against
organization’s policy. Offline monitoring is carried out on daily, weekly and monthly
basis and is based on the analysis of specified factors. Both online and offline
monitoring use agent based approach to identify anomalies in user activities.
Motivation behind the proposed model is that many procedural security measures
are being taken by the organizations at lower level. This dissertation focuses on high
level security measures through profiling based agent system to detect the activities
user is performing in the organization. It is also checked out that if the user-activities
are in accordance with organization’s policy or not? The research has been conducted
about insider threat and several issues are addressed and solution has been provided.
The major developments are: Monitoring behavior either suspicious or normal,
Certifying user’s authenticity to use resources, Checking limitations of the users,
Monitoring that user comes into view from the assigned location or not, Analyzing the
level of the destruction caused by user, etc.
The ACENET scores every user of the organization and maintains a detailed
profile. It is really a cumbersome process to determine whether a legitimate user is
doing any malicious activity. Expectantly such activity would stand out as strange
when compared to the user's routine behavior. ACENET is adaptable to deploy in any
ixorganization. Agents have been designed as service on the top layers of the model.
The developed agents create and maintain user-profiles and monitor activities
autonomously. The threats have been categorized in various classes and for each
category agents have been designed. Communication among agents takes place by
message passing at upper level whereas internally socket based communication is
underway.
To resolve conflict between users and organizations, some professional ethical
issues pertaining to privacy, have been addressed and appropriate solution has been
proposed to implement the framework in accordance with the recognized standards. A
matrix or grid of the trust levels ‘trust grid’ is designed similar to ACL where diverse
access privileges are assigned to different level of the users. Currently grid has been
divided in two categories: Binary [access given, not given] and Gradient [strong,
moderate, weak, none]. The professional issues regarding activity monitoring were
studied and it has been proposed that organization may announce in advance what can
be monitored and what cannot be monitored, by providing a user monitoring policy.
In the light of organization’s policy weight-age has been assigned to profile attribute
to identify threat contribution of each suspicious activity and user.
The Agent-based Security Framework, ACENET, was tested on real data,
obtained from the organizations, and the performance has also been evaluated on the
basis of specified parameters. Framework’s results were analyzed to match with the
targeted objectives. Finally future directions for the extension of the framework have
been presented. |
en_US |