Abstract
With the explosive growth of Internet applications, the threat that network worms pose to computer systems and network security is increasing seriously. Much recent research concentrates on providing a propagation model and early warning. In fact, defense against worms in a realistic environment remains an open problem. In this work, we present WSRMAS (worm spreading_reduction multi_agent system), a system that includes a worm defense mechanism to considerably reduce the rate at which hosts are infected. Because WSRMAS needs a suitable infrastructure, its architecture was elaborated and an agent platform was designed and implemented to support WSRMAS functions. The proposed system was provided first with a centralized plan and then with a decentralized (distributed) plan, and its performance was evaluated in both cases. Different communication capabilities using Knowledge Query Manipulation Language (KQML) were also exploited to improve WSRMAS performance. The ratio between worm and anti-worm spreading was studied to investigate its influence on defense efficiency. Because some machines may not deploy WSRMAS, the effectiveness of WSRMAS under different operational conditions has also been studied.
Cite this article
Zaki, M., Hamouda, A.A. Design of a multi_agent system for worm spreading_reduction. J Intell Inf Syst 35, 123–155 (2010). https://doi.org/10.1007/s10844-009-0092-9
DOI: https://doi.org/10.1007/s10844-009-0092-9