Sciweavers

AAMAS
2006
Springer

CONFIDANT: Collaborative Object Notification Framework for Insider Defense using Autonomous Network Transactions

File Integrity Analyzers serve as a component of an Intrusion Detection environment by performing filesystem inspections to verify the content of security-critical files in order to detect suspicious modification. Existing file integrity frameworks exhibit single point-of-failure exposures. The Collaborative Object Notification Framework for Insider Defense using Autonomous Network Transactions (CONFIDANT) framework aims at fail-safe and trusted detection of unauthorized modifications to executable, data, and configuration files. In this paper, an IDS architecture taxonomy is proposed to classify and compare CONFIDANT with existing frameworks. The CONFIDANT file integrity verification framework is then defined and evaluated. CONFIDANT utilizes three echelons of agent interaction and four autonomous behaviors. Sensor agents in the lowest echelon comprise the sensor level to generate an assured report to companion agents of computed MD5 file digests. At the control level, beacon agents ...
Adam J. Rocke, Ronald F. DeMara
Added 10 Dec 2010
Updated 10 Dec 2010
Type Journal
Year 2006
Where AAMAS
Authors Adam J. Rocke, Ronald F. DeMara