
3 June, 2016 Toorcon Security Expo 2001
Hydra Intelligent Agent: Instrument for Security
Presentation transcript:


Slide 1: Hydra Intelligent Agent: Instrument for Security
- One Size Fits All
- Distributed Scanning
- Distributed IDS
- Distributed Assessments

17 July, 2001, Toorcon Security Expo 2001

Slide 2: Introduction
- Hydra integrates IDS, scanning and vulnerability assessment tools with an agent framework
- Uses intelligent agent and AI techniques to collect, evaluate and act on events
- All tools are open source and freely available
- New tools can be integrated into the agent framework

Slide 3: Hydra Integrates a Set of Publicly Available Tools
- ZEUS: infrastructure to build intelligent agent systems
- CLIPS (C Language Integrated Production System): a productive development and delivery expert system shell
- Portsentry, clog, nmap, logcheck, snort, et al.
- Hydra incorporates these and other tools, using the FIPA communication protocol to bind the agents together
  - FIPA is a common group of standards describing the communication and other protocols for intelligent agents

Slide 4: ZEUS
- Award-winning agent building toolkit
- Provides an integrated environment for rapid development of multi-agent applications
- Entirely implemented in Java 2
- Open source (released to the community by British Telecom in 2000)
- http://sourceforge.net/projects/zeusagent/
- http://www.labs.bt.com/projects/agents.htm

Slide 5: ZEUS Agent Creation
- Provides a framework for agent communication
- Contains rudimentary intelligence
- Supports quick understanding of agent-based systems

Slide 6: Agent Creation with ZEUS
- Agent ontology (common vocabulary) is created
- Societal responsibilities are determined for each agent
- Agent tasks and rule bases are defined based on the agent society
- Skeleton Java code is generated for the agents
- Custom code is added for specific functionality and user interface
- Agent communication, fact management and rule activation are provided by the ZEUS framework

Slide 7: ZEUS Encapsulates CLIPS
- C Language Integrated Production System
- Productive development and delivery expert system tool
- Environment for construction of rule/object-based expert systems
- CLIPS provides knowledge representation, portability, integration, and extensibility
- ZEUS contains a Java implementation of CLIPS
  - Full RETE algorithm implementation
  - Flexibility in rules and inferencing
- http://www.ghg.net/clips/CLIPS.html

Slide 8: Common Intrusion Detection Packages Used in Hydra
- Portsentry: a host-based intrusion detection system which monitors TCP and UDP ports
- Snort: a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks
- Clog: simple TCP connection logger
- Other agents (such as arpwatch) will be included as time and resources permit

Slide 9: Common Port and Vulnerability Scanners Used in Hydra
- Nmap: a utility for port scanning large networks; it also works fine for single hosts
  - http://www.insecure.org/nmap
- Nessus: a free, open-source and easy-to-use security scanner; it compares favorably with the more expensive commercial scanners
  - http://www.nessus.org/
- Home-grown scanners, based on other open source scanners
- Hydra has the capability to use commercial scanners such as NFR and ISS

Slide 10: ZEUS Uses 1997 FIPA Specifications
- Foundation for Intelligent Physical Agents
- Non-profit organization aimed at producing standards for interoperation of heterogeneous software agents
- ZEUS will be updated to new, post-1997 standards when they are defined
- The FIPA structure provides a convenient and useful mechanism for ZEUS and similar agents to communicate
- http://www.fipa.org/

Slide 11: Enhancements to ZEUS
- Reviewing and cleaning up code
- Adding security features
  - Secure communication (SSL)
  - Authentication (signed applets/applications)
- Expanded and improved scheduling and decision making capabilities
- Improvements will be offered for inclusion in the ZEUS distribution

Slide 12: Enhanced Security
- Integrating the Java SSL (Sun JSSE) package into the ZEUS architecture
  - Agent communication protected with strong encryption
  - Agent authentication provided by digital certificates

Slide 13: Hydra Architecture
- Agents act as wrappers for IDS tools
- Agents collect, format and forward data to the host agent
- IDS data is evaluated for significant events using AI methods
- Agents respond intelligently by starting additional IDS, defensive or offensive agents
- ZEUS provides the infrastructure

Slide 14: Intelligent Agents: Independent and Creative
- Hydra contains an expert system shell (from ZEUS)
- Each agent makes decisions about its environment and tasks
- Hydra adds new capabilities
  - New search techniques
  - Independent decision capability
  - Creates agents that respond to new events as needed

Slide 15: Fusion of Data from Independent Agents
- Each agent contributes its piece of knowledge
- The knowledge is rated after considering the following:
  - The age of the data
  - The type of agent
  - The dependability of the data
  - Criticality (or importance) of the data
  - The number of other agents reporting similar data
  - The number of other agents reporting conflicting data
- The last two items can be thought of as positive and negative corroboration, respectively
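Slide 15 lists the rating factors but gives no formula. The following Python sketch is added here as an illustration and is not Hydra or ZEUS code: it rates each (subject, claim) from those six factors, with the per-tool trust weights, the 300-second half-life, the noisy-OR combination and the sample reports all constructed for the example.

```python
from collections import defaultdict, namedtuple

# Trust placed in each wrapped tool; these weights are assumptions for this example, not Hydra's values.
TYPE_WEIGHT = {"snort": 0.9, "portsentry": 0.8, "clog": 0.6, "nmap": 0.7}

# One report from a wrapper agent: who sent it, what tool it wraps, what it concerns, what it claims,
# how old the data is (seconds), and its dependability and criticality (both 0..1).
Report = namedtuple("Report", "agent agent_type subject claim age_s dependability criticality")

def base_score(r, half_life_s=300.0):
    """Rate one report alone: exponential age decay, scaled by agent type, dependability and criticality."""
    decay = 0.5 ** (r.age_s / half_life_s)
    return decay * TYPE_WEIGHT.get(r.agent_type, 0.5) * r.dependability * r.criticality

def best_per_agent(reports):
    """One score per agent, so an agent repeating itself is not counted as corroboration."""
    best = {}
    for r in reports:
        best[r.agent] = max(best.get(r.agent, 0.0), base_score(r))
    return list(best.values())

def noisy_or(scores):
    """Combine independent evidence: each agreeing agent raises the result, never above 1."""
    p = 1.0
    for s in scores:
        p *= 1.0 - s
    return 1.0 - p

def fuse(reports):
    """Rate each (subject, claim): agreeing agents corroborate it, agents claiming otherwise about the same subject count against it."""
    by_subject = defaultdict(list)
    for r in reports:
        by_subject[r.subject].append(r)
    rated = {}
    for subject, group in by_subject.items():
        for claim in {r.claim for r in group}:
            support = noisy_or(best_per_agent([r for r in group if r.claim == claim]))
            conflict = noisy_or(best_per_agent([r for r in group if r.claim != claim]))
            rated[(subject, claim)] = round(max(0.0, support - conflict), 3)
    return rated

# Constructed sample: two agents agree on a scan, one sees nothing, one agent repeats itself, one is alone.
SAMPLE_REPORTS = [
    Report("snort-1", "snort", "10.0.0.5", "portscan", 0, 1.0, 0.8),
    Report("psentry-2", "portsentry", "10.0.0.5", "portscan", 300, 1.0, 0.8),
    Report("clog-3", "clog", "10.0.0.5", "benign", 0, 0.5, 0.8),
    Report("snort-1", "snort", "10.0.0.5", "portscan", 600, 1.0, 0.8),
    Report("nmap-4", "nmap", "10.0.0.9", "open:22", 0, 0.9, 0.5),
]
```

With the constructed sample, the port scan corroborated by two agents rates 0.57, the lone nmap report rates 0.315, and the contradicted "benign" claim drops to 0.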

Slide 16: Distributed Intrusion Detection
- Different computer architectures notice different attacks
- Distributed IDS/NIDS using existing tools (e.g. snort, portsentry, ISS)
- Agents intelligently coordinate intrusion reports
- Improved performance during coordinated attacks
- Evaluates data using attack signatures from multiple systems

Slide 17: IDS Scenario
(Diagram; labels: Bad Guy, Scan or Attack, Router, Firewall, Host, Host with Agent, Data Collection and Decision Agent, Data, Control and Coordination, Defensive Actions, Offensive Actions)

Slide 18: Distributed Scanning
- Distributed Denial of Service (DDoS) meets nmap
- Distributed scanning using existing tools (e.g. nmap, strobe, or firewalk)
- Agents intelligently coordinate scanning
- Improved performance in adverse conditions (IP-based blocking)
- Enhances spoofing and decoy scanning
- Correlates and evaluates data from multiple simultaneous scans

Slide 19: Scanning Scenarios: Spoofed Redirect
- Scans from spoofing scanners return to the data collection agent
- Decoy scanners used to obscure data collection IP
- Coordination agent controls scanning agents
- Target can see the data collection agent but not the scanner IP
(Diagram; labels: Decoy Scanner, Spoofing Scanner, Decoy Scanner, Spoofing Scanner, Target, Control and Coordination, Data)

Slide 20: Scanning Scenarios: Scanning Zombies
- Scanner agents scan target under control of coordination agent
- Decoy scanners used to obscure scanner agent IP
- Scanner agents return data to data collection agent for analysis
- Target never sees data collection or coordination agent IP
- Coordination agent stops, starts, or creates new scanning agents
(Diagram; labels: Data Collection and Coordination, Decoy Scanner, Scanner, Decoy Scanner, Scanner, Target, Control and Coordination, Data)

Slide 21: Merits of Hydra
- Uses all open source tools
- IDS, scanning, and evaluation tools used in real life
  - Not a prototype or superficial construct
  - Not trying to reinvent the wheel
- Java cross-platform capability integrates tools running on their native platform
- True intelligent agents

Slide 22: Further Information
- Etaoin Shrdlu: shrdlu@deaddrop.org
- Gurney Halleck: gurneyh@ix.netcom.com
