ODISET: On-line Distributed Session Tracing using Agents

When a security incident occurs it is sometimes necessary to identify its causes for legal and cautionary purposes. In an attempt to hide the origin of her connection, a malicious user may have jumped from a source host $h_s$ into a series of hosts $h_i \in H = \{h_1, h_2, \ldots, h_n\}$ before breaking into final target $h_t$. This connection sequence describes a path that makes it difficult to find $h_s$ given $h_t$ due, in part, to the prohibitive amount of cooperation and synchronization that is required in practice by administrators. This paper describes a distributed rule-based model that automates this tracing process on-line with an $O(|H|)$ worst-case scenario. Autonomous agents collaborate on the tracing and detection of the origin of an interactive connection using a loop unwinding technique and incorporating public key cryptography to create ciphered channels that allow them to communicate securely. To meet the challenges of minimum system workload and improved robustness, the prototype features li...
Salvador Mandujano, Arturo Galván
Added 31 Oct 2010
Updated 31 Oct 2010
Type Conference
Year 2003