10-06-2013, 03:51 PM
Weakness recognition in network using ACO and mobile agents
Weakness recognition.pdf (Size: 405.25 KB / Downloads: 20)
Abstract
Network vulnerabilities are present in every
system. Network technology advances so rapidly that it can be
very difficult to eradicate vulnerabilities altogether; the best
one can hope for, in many cases, is simply to minimize them.
ACO is a member of ant colony algorithms family, in swarm
intelligence methods, and it constitutes some meta-heuristic
optimizations. By applying the concept of ACO in network
vulnerability detection, we can reduce the network related
problems and improve the performance of the network.
INTRODUCTION
Networks are vulnerable to slowdowns due to both
internal and external factors. Internally, networks can be
affected by overextension and bottlenecks, external threats,
DoSIDDoS attacks, and network data interception. The
execution of arbitrary commands can lead to system
malfunction, slowed performance, and even failure. Indeed,
total system failure is the largest threat caused by
compromised system-understanding possible vulnerabilities
is critical for administrators.
• The need for ongoing management of network
vulnerabilities is often overlooked at the onset of a
vulnerability remediation project. Yet with new
vulnerabilities being identified every day and users
reintroducing vulnerabilities into their
environments, the remediation strategy needs to be
repeated regularly.
ANT COLONY OPTIMIZATION
In the natural world, ants (initially) wander randomly, and
upon finding food return to their colony while laying down
pheromone trails. If other ants find such a path, they are
likely not to keep travelling at random, but to instead follow
the trail; returning and reinforcing it if they eventually fmd
food.
Over time, however, the pheromone trail starts to evaporate,
thus reducing its attractive strength. The more time it takes
for an ant to travel down the path and back again, the more
time the pheromones have to evaporate. A short path, by
comparison, gets marched over more frequently, and thus
the pheromone density becomes higher on shorter paths than
longer ones. Pheromone evaporation also has the advantage
of avoiding the convergence to a locally optimal solution. If
there were no evaporation at all, the paths chosen by the
first ants would tend to be excessively attractive to the
following ones. In that case, the exploration of the solution
space would be constrained.
Communication mechanism between agent hosts
Some communication mechanism must exist to transfer
agents across networks. An agent might be transferred using
TCP/IP, or by using a higher level of communication such
as RMI, IIOP, SMTP or even HTTP. Mobile agent
architectures may even use a variety of transport
mechanisms, giving greater flexibility.
An agent's executable code must be transferred, which may
consume a large amount of network bandwidth, unless
shared code is located at the agent host. Techniques such as
shared libraries of code, or caching, may be of benefit. In
addition, the persistent state of the agent must be
transferred.
Security to protect agents and agent hosts
Security is critical when executable code is transferred
across a network. Malicious or badly written code could
wreak havoc when unleashed upon an unsuspecting host,
and agents themselves need protection against hostile hosts
that would seek to dissect or modify them. There is no
magic solution that will solve all the security problems of
mobile agents, but precautions can be taken to minimize
risk.
When an agent leaves for a new host, extreme care must be
taken to prevent unauthorized modification or analysis of
the agent. Agents may carry with them confidential or
sensitive information and logic, which shouldn't be
accessible to the agent host. Encryption may be of benefit,
but the data and code must be decrypted at some point in
time for the agent to execute. Once this occurs, the agent
becomes vulnerable, and is at the mercy of the agent host. In
a scripting language, the internal logic of the agent is
exposed, but even compiled languages can be decompiled
with a disturbing degree of success .Other than using trusted
hosts, there is little that can be done to protect the agent
from snooping eyes.
MOBILE AGENT
A mobile agent is a process that can transport its state from
one environment to another, with its data intact, and be
capable of performing appropriately in the new
environment. Mobile agents decide when and where to
move. Movement is often evolved from RPC methods. A
mobile agent is a specific form of mobile code.
In general, the following things are required to allow agents
to migrate across a network
1. Common execution language
2. Process persistence
3. Communication mechanism between agent hosts
4. Security to protect agents and agent hosts
Collective Mechanism
When an agent says A detects weakness in the network, it
will try to solve the problem alone. If the agent is not able to
solve, agent would write the information about the task (T)
on the blackboard and also updates it node status table.
Agent will set the pheromone initial value corresponding to
the task and search for next unvisited node in the network. If
Agent B selects the task T, if it is capable to restore the task,
the information about that particular node will be removed
from the blackboard. Then the information is informed to
other agents so that the other agents can update their node
status table. Other agents can avoid visiting that node and
cannot be mislead.
CONCLUSION
Mobile agents technology provides many advantages in
network security. Main advantage being the ability to create
new agents and patch it to network for newly generating
vulnerabilities. Next it reduces the work of network manger.
Also provides communication among the agents by visiting
the blackboard. The complexity of work is providing security
to the agents.