Contribution to perimeter security through agent-based intrusion detection systems (Contribución a la seguridad perimetral a través de sistemas de detección de intrusos basados en agentes)
- Paez Mendez, Rafael Vicente
- Jordi Forné Muñoz (Director)
University of defense: Universitat Politècnica de Catalunya (UPC)
Date of defense: 14 November 2007
- Miquel Soriano Ibáñez (Chair)
- Esteve Pallarès Segarra (Secretary)
- Javier López Muñoz (Member)
- Roberto Uribeetxeberria Ezpeleta (Member)
- Jose Maria Siera Camara (Member)
Type: Thesis
Abstract
An Intrusion Detection System (IDS) is a tool used to detect, prevent and/or correct suspicious activities that attempt to put at risk the security of information in a host or network. An intrusion is an unauthorized or unwanted activity that attacks the confidentiality, integrity and/or availability of information or a computer resource. Basically, an IDS has an event generator, an analyzer or sensor, and a response module. The event generator (operating system, network, application) sends the packets to the event collection module, which communicates with the sensor. The sensor filters the information and discards irrelevant data. Finally, the response module decides when to send an alarm according to a given policy. In this thesis several IDS architectures were analyzed, and an architecture based on autonomous agents was taken as the reference, identifying a risk scenario. Our goal focused on the internal security of the IDS: because it is a tool used to protect critical infrastructures, the IDS itself becomes a target susceptible to attack. In mobile agent technology, one of the most difficult problems to solve is attacks by malicious hosts against agents; for this reason the first proposal focuses on solving a related risk scenario. The proposal consists of using hash functions and comparing them to detect any modification; but later, some drawbacks were detected. Then another proposal was made, to identify each of the mobile agents using watermarking techniques, in order to differentiate them and to know who produces which results. Another proposal is the MAIS (Mobile Agent Integrity System) system, which serves to verify both the integrity and the correct execution of the transceivers, using a dynamic algorithm that generates marks at run time. The MAIS system also uses Trusted Third Parties (TTP), so when an entity must be verified it has to be moved to the issuer host. The next proposal is the CIA (Cooperative Itinerant