An agent based framework for insider threat, privacy and adaptability management

Author

Mallah G.A., Shaikh N.A., Shaikh Z.A.

Source

Proceedings of the Pakistan Academy of Sciences - 2010 - Volume: 47 - Issue: 2 - Pages: 121-128

Abstract

This paper targets network security and, more specifically, deals with insider threat. Software agents have been used as a technology in this research. The literature survey shows that the FIPA (Foundation for Intelligent Physical Agents) and MASIF (Mobile System Interoperability Facility) agent standards have many limitations; therefore, their combination or a new standard is proposed for a true agent system. Various milestones were set and a bottom-up approach is used to achieve the overall task. An agent-based vulnerability assessment model has been developed in which various practical issues have been identified and appropriate solutions have been proposed. Platform-dependent and platform-independent approaches were used to achieve the task, and the results of both approaches are compared. Profiling is the key source of identifying insider threat; therefore, an agent-based profiling model has been developed that considers an individual's personality profile to identify real personality. A FIPA-compliant agent framework (ACENET) for profiling has been developed to achieve the task. The framework allows identifying anomalies in user activities, online and offline. ACENET (Agent Collaborative Environment on .NET) scores every user of the organization and maintains a detailed profile of whether a legitimate user is doing any malicious activity. The framework checks whether user activities are in accordance with the organization's policy. ACENET is adaptable to deploy in any organization where agents are designed as services on the top layers of the model. The threats have been categorized in various classes, and agents have been designed for each category. Considering privacy as a major concern, the professional issues were studied, and it is proposed that the organization may announce in advance what can be monitored and what cannot be monitored through a user monitoring policy. The framework has been tested on real data and the performance has also been evaluated on the basis of specified parameters. The results were analyzed to match with the targeted objectives.

Keywords

.NET framework; Agent framework; Insider threat; Network security; Privacy; Software agents

Address

Department of Computer Science, Shah Abdul Latif University, Pakistan; Department of Computer Science, Shah Abdul Latif University, Pakistan; National University of Computer and Emerging Sciences, Pakistan