7/28/2019 Paper-6 Securing Enterprise Networks a Multiagent-Based Distributed Intrusion Detection Approach
International Journal of Computational Intelligence and Information Security, June 2013 Vol. 4, No. 6 ISSN: 1837-7823
Securing Enterprise Networks: A Multiagent-Based Distributed Intrusion
Detection Approach
Nwaocha, Vivian Ogochukwu¹ and Inyiama, H. C.²
Computer Science Department
University of Nigeria, Nsukka
Abstract
There is an ever-growing reliance on computer networks for business transactions globally. While these
networks have facilitated the provision of critical services in medical, financial and educational institutions in
particular, they have equally served as a means of diffusing network attacks. These threats take many forms,
but all result in loss of privacy to some degree and possibly malicious destruction of information or resources
that can lead to large monetary losses. One of the most prevalent threats is the Distributed Denial of Service
(DDoS) network attack, which prevents legitimate users from accessing network services. Detecting intrusions is
a difficult task in any networked environment, especially in an enterprise network, which naturally lends itself to
a distributed exploitation of its resources by employees and third parties. In such a scenario, the identification of
a potential attack requires that information be gathered from different sources. Moreover, current solutions lack a
fundamental dynamic feature required to ensure both flexibility of the architecture and robustness in the event of
changes in network and traffic status. In addition, DDoS attacks are spreading at a very high rate and are not
easily contained by existing intrusion detection systems. Although distributed intrusion detection systems have
been developed to counter these threats, they still have the drawback of using up huge network resources. It is
against this backdrop that this paper presents a model of a Multiagent-Based Distributed Intrusion Detection
System (MABDIDS), which detects intrusions efficiently by means of small-sized mobile agents. As a proof of
concept, a prototype of the proposed system is implemented and tested. The tests revealed that, compared
with existing solutions, the proposed system provides superior performance in terms of detection rate and saves
network resources.
Keywords: Distributed Intrusion Detection System, Enterprise Network, Intrusion Detection System, Mobile
Agent, Mobile Agent Platform, Multiagent System
1. Introduction
Today, there is an ever-growing reliance on computer networks for business transactions. Hence, several
educational institutions, government agencies, health care facilities, banking and financial institutions and private
residences offer vital services through the global network known as the Internet [1].
However, with the free flow of information and the high availability of many resources, managers of
enterprise networks have to understand all the possible threats to their networks. These threats take many forms,
but all result in loss of privacy to some degree and possibly malicious destruction of information or resources
that can lead to large monetary losses [2].
It is obvious that the Internet is critical for delivering educational content to diverse students in remote
geographical areas globally and is regarded by everyone as an indispensable IT infrastructural service. This
medium facilitates health care delivery, financial and other essential services.
On the other hand, the convenience of the Internet comes at the expense of several security risk exposures.
It is therefore vital that the appropriate level of network security is maintained in an enterprise network to ensure
its high availability. In particular, institutions constantly face unique challenges keeping their servers and
networks secure from cyber-criminals while accommodating the influx of student and faculty-owned devices. A
recent analysis of online transaction data highlighted to what extent some of these establishments have already
been compromised.
While the Internet has facilitated the provision of critical services in educational and financial institutions in
particular, it has also served as a means of diffusing network attacks. These establishments have had to face
The EMERALD project proposes a distributed architecture for intrusion detection that employs entities
called service monitors. The latter are dynamically deployable, highly distributed, and independently tunable.
They provide localized real-time analysis of infrastructure and services. The approach covers the misuse of
individual components and network services within a single domain and includes service analysis. The objective
of the service analysis is to streamline and decentralize the surveillance of a domain's network interfaces for
activities that may indicate misuse or anomalies in operations. EMERALD enables domain-wide analysis
covering the misuse visible across multiple services and components, and enterprise-wide analysis covering
coordinated misuse across multiple domains. The project also defines several layers of monitors for performing
data reduction in a hierarchical fashion. Although the monitors provide distributed network status analysis, most
of the detection intelligence is placed in a central system. Further, all the decision making regarding the
deployment of the monitors takes place in the central system, thus resulting in potential delays and processing
overhead.
In 2003, a scheme was proposed in which lightweight agents travel between monitored systems in a network of
distributed systems, obtain information from data-processing agents, classify and correlate information, and
report the information to both a user interface and a database, via mediators. In such systems, the agents had zero
detection and analysis capabilities.
A new Mobile Agent Distributed Intrusion Detection System (MADIDS) was proposed to process the great
flow of intrusion detection data transfer in high-speed networks [3]. The MADIDS system consists of specialized
agents: event generation agents, event analysis agents, event tracking agents, and an agent server. Event generation
agents are distributed throughout the network to collect intrusion data of interest. Each submits a portion of
the data to the event analysis agent residing on the same host or passes the data directly to the agent server if the
network load permits. Event analysis agents analyze the collected data and pass the results to a local event
tracking agent, which in turn tracks the intrusion. The agent server is a central supervision unit that receives data
from event generation/analysis agents and allocates the analysis/tracking tasks to the suitable agents. It monitors
and dynamically balances the load of each agent. In this system, agents had no intrusion detection or response
responsibilities.
2.1.2. Intrusion Detection Using Autonomous Agents
The application of autonomous agents in intrusion detection has equally been investigated. Agents are
taught how to identify intrusive behaviors using Genetic Programming. Nevertheless, it was discovered that this
setup imposes overhead on the system in both time and space, as it consumes memory and CPU time. Besides, a
long time is required to train the agents before they can be considered ready for deployment.
Another approach proposes an architecture for a distributed intrusion detection system based on
multiple independent entities, called the Autonomous Agents for Intrusion Detection (AAFID) framework. Agents
are used mainly as a means for structuring the intrusion detection collection component into a set of lightweight
software components, which can be easily reconfigured. On a given host, they look for interesting events and
report their findings to a single transceiver that oversees their operations. The transceivers, in turn, report their
results to one or more monitors that are responsible for the network. Among the several issues associated
with this framework is adaptability. The system is incapable of dynamically controlling the agent
population at run-time, and agents appear to be static once they are deployed to a transceiver, although they can
be replaced through reconfiguration.
In more recent research, Nwaocha and Inyiama (2011) proposed an intrusion detection and prevention system
based on small, autonomous, and intelligent intrusion detectors as sensors. Their study was inspired by the
principle of operation of nervous systems. In their work, data collection and analysis elements are operated by
autonomous agents based on risk assessment and managed on the basis of autonomic computing theory with
self-management properties. The main purpose of using autonomic computing was to create computing systems
capable of managing themselves to a far greater extent when given high-level objectives, and to provide a set of
prevention rules that attempt to stop an attack before it happens, depending on risk analysis and risk
assessment. The validity of the alerts is thus confirmed, and false positive alerts are identified, by measuring the
risk caused by the detected threat and so determining whether it is a normal activity or not. This work was,
however, limited to host-based intrusions, and although the authors had proposed the use of mobile agents, they
did not implement them in their system.
2.1.3. Intrusion Detection Systems Based on Mobile Agents and Fully Distributed Architectures
One well-known example of applying distributed agent design methodology in the intrusion detection
domain is the Distributed Intrusion Detection System (DIDS) [Snapp et al. 1991]. DIDS was an attempt to build
a distributed system based on monitoring agents that reside at every host in the network. A centralized data
analysis component called the DIDS director agent is solely responsible for the analysis of the network traffic
data collected by each monitor. The DIDS architecture presents both advantages and disadvantages. On the one
hand, the system utilizes real-time traffic information from various sources, namely, data from various
host monitors, to assess the security status of the network in which it resides. As a drawback, however, the
system's scalability is poor for large networks, as an increasing number of host monitors also significantly
increases the workload of the DIDS director agent. Additionally, the data flow between host monitors and the
director agent may generate significantly high network traffic overheads.
A mobile agent-based architecture and model consists of a large number of small mobile agents that
perform the tasks of monitoring, decision-making, notification and reaction to attempted intrusions [45]. Each
agent observes a small aspect of the entire system. When an agent considers an activity suspicious, it advises the
other agents about it. Thereafter, an agent (or a group of agents) with a higher level of specialization for that type
of suspected intrusion is activated. Once there is a consensus among a large number of agents about the existence
of an intrusion, a message is then sent requesting the intervention of a human operator, who will launch a group
of reactive agents. In this system, specialized agents can be added whenever a new form of attack is identified or
removed dynamically from the system. The system suffers from massive detection latency, since an agent by
itself has no authority to identify an attack; a majority vote among specialized agents is required before
further actions are taken.
Cooperative Security Managers (CSM) are employed to perform distributed intrusion detection that does
not need a hierarchical organization or a central coordinator. The design requires that a CSM be run on every
host attached to the network. A CSM consists of a local intrusion detection component responsible for detecting
local and proactive intrusions, a security manager that correlates data collected by its own host's IDS and other
CSMs, an intruder-handling component that determines what action to take when an attack is detected, a graphical
user interface that allows the security administrator to communicate with each CSM, a command monitor that accepts
commands from the user and sends them to the IDS for analysis, and a communication handler that provides the
communication between CSMs using TCP. However, the CSMs are stationary agents, cannot be updated or
reconfigured dynamically, and impose overhead on host performance since they run on the host at all times.
In [47], a social insect-based mobile agent framework, named Artificial Network Termite Colony (ANT),
was developed using static internal agents and mobile agents. The approach is based on the use of a chemical-
like information that represents an abnormal behavior. ANT relies on the raising and lowering of pheromone
fields, which represent criteria to guide simple agents towards collectively exhibiting complex problem-solving
behavior. Pheromones are spread to pheromone servers via short-lived mobile agents, while other defensively
minded agents prowl the network performing system checks, sensing the gradient of the pheromone field, and
deciding whether to take a defensive action or move onward in a direction where the field is stronger. Our own
approach is similar to this work in the sense that the agent population increases when intrusions are detected and
decreases after the attack(s) are terminated. However, in ANT, agents are specialized and their detection
procedures cannot be updated dynamically.
Other research presents a fully distributed architecture where data collection and information analysis are
performed locally without referring to a central management unit. For instance, one such architecture
comprises two components: IDS agents and a stationary secure database (SSD). The agent is responsible for
detecting intrusions based on local audit data and participating in cooperative algorithms with other IDS agents
to decide if the network is being attacked. Each agent has a local audit trail, a misuse detection module, an
anomaly detection module, and a local database. The local audit trail collects audit data and passes it to the
misuse detection module and anomaly detection module for further analysis. The local database warehouses all
information necessary for the IDS agent, such as signature files and user patterns. The SSD acts as a trusted
database from which the agents obtain the latest misuse signatures. It contains global signatures of known misuse
attacks and stores patterns of each user's normal activity in a non-hostile environment. The system requires that
an IDS agent reside on every host, thus resulting in a large number of IDS agents in the network. A large number
of up-and-running agents results in both network and host overhead. The agent processes that execute on each host
consume CPU time, and the large number of agents causes intensive message passing among the agents, resulting
in network bandwidth consumption. Moreover, the proposed system does not fit a dynamic environment, where
computers are dynamically added to or taken off the network, since the implementation of the system
administration will be far more complex.
A more recent development in the domain of distributed IDS architectures is MINDS [Ertoz et al. 2004].
The MINDS system analyzes data collected directly by sensors distributed throughout the network, tapping
information directly from the routers. It combines an unsupervised anomaly detection data mining algorithm,
which assigns to each of the collected network connections a score reflecting how anomalous it is, and an
association pattern analysis-based module, which generates a summarization report of those network connections
that are ranked highly anomalous. Although MINDS seems to solve both anomaly and misuse detection
problems, its data mining techniques require human assistance to function properly. That is,
the summarized anomalous data information needs to be supplied to a human analyst, who is then responsible for
manually performing the unsupervised anomalous data labeling process.
Another distributed agent-based IDS, called the Distributed Hybrid Agent Based Intrusion Detection and Real
Time Response System [Vaidehi and Ramamurthy 2004], analyzes anomalies to detect and identify Denial of
Service (DoS) and data theft attacks, in addition to analyzing intrusion signatures capable of detecting
wardriving-based hacks. It also attempts to respond to intrusions in real time by sending out alerts to the
designated network administrator when network intrusions are detected. One of its main drawbacks is the design
complexity of its agents, in that each agent must take on almost all of the workload of network
traffic sniffing, data parsing, and intrusion detection. This makes the architecture inherently less lightweight.
In addition, its data mining techniques are less powerful, since they are capable of detecting only a limited
number of network attacks.
In Helmer et al. [2003], an IDS prototype composed entirely of mobile agents was developed. In this
architecture, the mobile agents travel among monitored systems in a network of distributed systems, obtain
information from designated data-cleaning agents that reside at each host, classify and correlate the supplied
information, and finally report the analysis results to a designated administrator through a user interface and
several databases. One of its main advantages is its support for the runtime addition of new capabilities to the
mobile agents. However, one of its main disadvantages is the overhead in time required to transmit the mobile
agents' code and required data among the monitored hosts in the network, which reduces the system's
ability to respond to network intrusions in real time.
All of these architectures, having both their advantages and disadvantages, attempt to achieve the common
goal of effective intrusion detection, while at the same time minimising the adverse side effects of realistic
constraints, such as the limited availability of processing power at hosts, and the scalability issues inherent in
distributed system design.
3.1 System Design
The architecture of the proposed system (MABDIDS) consists of a set of distributed, autonomous but
collaborating agents. The entire architecture of the proposed model of the Multiagent-based Distributed
Intrusion Detection System (MABDIDS) is presented in Figure 3.1.
The framework consists of the following components:
- Main Machine for Intrusion monitoring and detection
- Mobile Agent Platform
- Mobile Agents for Intrusion Detection
- Authentication Tool
- Utility Tool
[Figure: component labels recovered from the diagram: User Interface, Detection Engine (Snort), Database, Message Handler, Mobile Agent Platform Interface, Mobile Agent Platform]
Figure 3.1 The General Architecture of MABDIDS
4.3.1 The Intrusion Detection Controller
The intrusion detection controller is the foundation of the distributed framework. It monitors the
network segments and serves as the main intrusion detection and processing unit. Its key functions are
as follows:
i. acting as a correlating unit for multiple log files sent by dispatched agents;
ii. providing and updating rule sets and severity lists for each of the agents;
iii. interfacing the IDS to the system administrator; and
iv. supervising and tracking existing mobile IDS agents, as well as instructing different agents about the
speed of dumping that they should use depending on the security level.
The intrusion detection controller further comprises the following:
an intrusion detection system (IDS), which serves as a detection engine; a user interface;
a database; and a message handler.
[Figure: per-host component labels recovered from the diagram, repeated for each host: MAP Interface, Mobile Agent Platform (MAP), Aglet Context, Sniffer, Lightweight Snort, Briefcase, Message Handler]
4.3.1.1 Detection Engine
The detection engine analyses the log files of raw data gathered. The main role of the detection
engine is to gather and correlate IDS data from the multiagent-based distributed intrusion
detection system. Hence, it links events across the network and provides a heuristic analysis of
the aggregated data.
4.3.1.2 User Interface
The user interface provides the graphical user interface (GUI) for the system administrator.
Through the user interface, the system administrator is able to do the following:
- Initialise the number of start-up agents (parent IDS Agents) and arm each with a visit
list for agent hopping.
- Assign an initial rule set for each agent that will be used by the detection engine to
test for intrusions. This set can be updated later by the MIDP.
- Categorize attacks according to the severity level of each. The user
interface enables the system administrator to customize the system security concerns by
assigning dangerous attacks high severity levels and less harmful attacks lower severity
levels.
4.3.1.3 Database
The database comprises a secure trusted storage from which the mobile agents obtain the
latest information about attacks in order to update their severity lists. This database contains
two types of information: signatures (rule set) and the severity level associated with each attack
(severity list). A severity level defines the response mechanism that agents should use when
particular attacks are detected. For instance, level 1 (most severe attack) means that the agents
should send all logged network traffic plus the alarm file, while level 2 implies that the agent
should send a representative of the logged traffic and the alarm file. The entire list is presented
in Table 4.1. The database also contains credentials of existing agents in the system. This
information includes: the agent ID, its child ID (if one exists), its parent ID (if one exists), the agent
visit list, the agent proxy, and the host at which the agent is currently residing.
| Severity level | Description |
|---|---|
| 1 | Send the entire log file and alerts generated |
| 2 | Send a summary of all log files and alerts generated |
| 3 | Send only the alert file while saving the dump file at the current host |
| 4 | Inform the intrusion detection manager about a potential attack while saving the dump and alert files at the current host. |
| 5 | Inform the intrusion detection manager about a potential attack while saving the dump file only at the current host. |
| 6 | Ignores the potential attack while saving the dump file only at the current host. |

Table 4.1 List of Severity Rules
4.3.1.4 Message Handler
The message handler enables the Intrusion Detection Manager (IDM) to respond to messages sent to it.
The intrusion detection manager identifies and interprets the following key messages: NEW_AGENT,
MANUAL_UPDATE, ATTACK_DETECTED, DISPOSAL_REQUEST,
CREATE_AGENTS_REQUEST, AGENT_INFO_REQUEST, and HOST_INFO_REQUEST.
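
The severity rules of Table 4.1 amount to a policy for how much data leaves a host when an agent raises ATTACK_DETECTED. The sketch below is an added example, not code from the paper or its Aglets-based prototype, and shows that policy applied to Snort fast-format alert lines. Assumptions: the severity list is keyed by Snort SID, the most severe alert in the file decides the level, unknown SIDs default to level 3, and the JSON payload, field names and sample data are hypothetical.

```python
import json
import re
from collections import Counter

# Table 4.1 as data. "dump" is the raw traffic log, "alerts" the alert file.
# send/summarise = goes to the controller; keep = saved on the host; drop = neither.
POLICY = {
    1: {"dump": "send",      "alerts": "send", "notify": True},
    2: {"dump": "summarise", "alerts": "send", "notify": True},
    3: {"dump": "keep",      "alerts": "send", "notify": True},
    4: {"dump": "keep",      "alerts": "keep", "notify": True},
    5: {"dump": "keep",      "alerts": "drop", "notify": True},
    6: {"dump": "keep",      "alerts": "drop", "notify": False},
}

# Snort fast alert line: timestamp [**] [gid:sid:rev] msg [**] ... {PROTO} src -> dst
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(\d+):(\d+):(\d+)\]\s+(.*?)\s+\[\*\*\].*?\{(\w+)\}\s+(\S+)\s+->\s+(\S+)"
)

def parse_alerts(text):
    """Return one dict per well-formed alert line; malformed lines are skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            _gid, sid, _rev, msg, proto, src, dst = m.groups()
            alerts.append({"sid": int(sid), "msg": msg, "proto": proto,
                           "src": src, "dst": dst})
    return alerts

def summarise(dump):
    """Level 2 'representative' of the dump: packet and byte counts per flow."""
    pkts, size = Counter(), Counter()
    for src, dst, proto, length in dump:
        key = f"{proto} {src}->{dst}"
        pkts[key] += 1
        size[key] += length
    return [{"flow": k, "packets": pkts[k], "bytes": size[k]} for k in sorted(pkts)]

def respond(agent_id, host, alert_text, dump, severity_list, default_level=3):
    """Return (message_for_controller_or_None, files_saved_on_host)."""
    alerts = parse_alerts(alert_text)
    if not alerts:                       # nothing detected: dump stays local
        return None, {"dump": True, "alerts": False}
    # The most severe (lowest-numbered) level among the alerts drives the response.
    level = min(severity_list.get(a["sid"], default_level) for a in alerts)
    rule = POLICY[level]
    # Only what Table 4.1 says is saved; it is silent on local copies at levels 1-2.
    kept = {"dump": rule["dump"] == "keep", "alerts": rule["alerts"] == "keep"}
    if not rule["notify"]:
        return None, kept
    msg = {"type": "ATTACK_DETECTED", "agent": agent_id, "host": host,
           "level": level, "sids": sorted({a["sid"] for a in alerts})}
    if rule["alerts"] == "send":
        msg["alerts"] = alerts
    if rule["dump"] == "send":
        msg["dump"] = [list(p) for p in dump]
    elif rule["dump"] == "summarise":
        msg["dump_summary"] = summarise(dump)
    return msg, kept

def wire_size(msg):
    """Bytes the link to the controller would carry for this message (JSON)."""
    return len(json.dumps(msg).encode()) if msg else 0

# Constructed sample data (not from the paper): two alert lines, one malformed
# line, and a 300-packet dump dominated by an ICMP flood.
SAMPLE_ALERTS = """\
06/10-09:14:02.118334  [**] [1:1000001:1] ICMP flood suspected [**] [Priority: 1] {ICMP} 192.0.2.44 -> 198.51.100.7
06/10-09:14:05.402911  [**] [1:1000002:1] TCP SYN rate high [**] [Priority: 2] {TCP} 192.0.2.44:40112 -> 198.51.100.7:80
truncated line with no alert fields
"""
SAMPLE_DUMP = ([("192.0.2.44", "198.51.100.7", "ICMP", 98)] * 280 +
               [("192.0.2.44", "198.51.100.7", "TCP", 60)] * 20)

if __name__ == "__main__":
    for lvl in range(1, 7):
        sev = {1000001: lvl, 1000002: 6}     # constructed severity list
        msg, kept = respond("agent-07", "host-12", SAMPLE_ALERTS, SAMPLE_DUMP, sev)
        print(lvl, wire_size(msg), "bytes sent; saved on host:", kept)
```

Running it prints the bytes sent to the controller at each level, which makes the bandwidth difference between shipping the full dump (level 1) and a bare notification (levels 4 and 5) directly visible.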
4.3.2. Mobile Agent Platform (Tahiti Server)
The mobile agent platform (MAP) is commonly referred to as the Tahiti server; it has a graphical user
interface (GUI) and is responsible for creating, interpreting, executing, dispatching, cloning and
terminating agents. The platform is responsible for accepting requests made by network users,
generating mobile IDS agents, and dispatching agents into the network to perform intrusion detection.
The platform is a small server program that is deployed on each host within the network and is
responsible for managing the mobile agent life cycle. The MAP has a MAP interface that acts as a
graphical user interface (GUI) agent manager. The MAP interface enables end users to monitor existing
agents in the MAP platform and manually carry out the following agent functions: create, dispatch,
dispose, retract, and clone, among others.
4.3.3. Mobile IDS Agent
Each mobile IDS agent is composed of a sniffer, a lightweight Snort, a briefcase and a message handler.
The mobile IDS essentially carries out three important tasks: sniffing the network traffic, carrying out
intrusion detection, and executing cloning mechanisms when intrusions are detected. Sniffing and
intrusion detection proceed in parallel. This implies that the agent creates two threads: the first one
starts the sniffing process and afterwards, the second thread is created to run a lightweight mobile IDS.
The execution of the cloning strategy is triggered only when an alert is logged into the alert file.
5. Performance Evaluation
The overall performance of the proposed MABDIDS was evaluated. Forty machines connected via a
switch were used for this assessment. For a realistic testing environment, attacks were injected into a volume
of network traffic. Specifically, flooding attacks were simulated by means of the well-known tool Metasploit,
version 3.5.1.
6. Conclusion and Future Research
The system potentially reduces the enormous amount of distributed log data moved among the inner nodes of a
conventional IDS. Having mobile IDS agents visit hosts and perform intrusion detection locally is well suited to
the ability of mobile agents to move the computation to the data, thus reducing network load. Roaming the
internal network, agents are capable of detecting attacks launched from within the network, since the IDS is
capable of monitoring local traffic. Additionally, the developed architecture implements a robust and fault-
tolerant IDS based on agent mobility. There is no single point of failure. Agents roam the network
continuously and are thus less susceptible to direct attacks. They can clone for redundancy or replacement and
operate independently and autonomously of where they were created. The architecture is flexible since it is built
on the concept of Severity on Demand. It is hoped that further work will be carried out to explore
possible extensions of the mobile IDS agent and of the system architecture.
References
[1] Natasha Gilani, Uses of Computer Networking, eHow Contributor 2012.
[2] Cisco Press, Threats in an Enterprise Network, 2005.
[3] Helmer, G., Wong, J., Honavar, V., Miller, L., and Wang, Y., "Lightweight agents for intrusion detection,"
Journal of Systems and Software, v 67, n 2, p 109-122, Aug 15, 2003.
[4] Guangchun, L., Xianliang, L., Jiong, L., and Jun, Z., "MADIDS: A Novel Distributed IDS Based on Mobile
Agent," ACM SIGOPS Operating Systems Review, Volume 37, Issue 1, Pages: 46-53, January 2003.
[5] Hochberg, J., Jackson, K., Stallings, C., McClary, J. F., DuBois, D., and Ford, J., "NADIR: An automated
system for detecting network intrusion and misuse," Computer & Security, 12(3): 235-248, May 1993.
[6] Porras, P. A., and Neumann, P., "EMERALD: Event monitoring enabling responses to anomalous live
disturbances," Proceedings of the 20th National Information System Security Conference, 1997.
[7] Crosbie, M., and Spafford, E., "Defending a computer system using autonomous agents," Proceedings of the
18th National Information Systems Security Conference, Oct 1995.
[8] Crosbie, M., and Spafford, G., "Active defense of a computer system using autonomous agents," Technical
Report 95-008, COAST Group, Department of Computer Sciences, Purdue University, West Lafayette, IN
47907-1398, Feb 1995.
[9] Spafford, E., and Zamboni, D., "Intrusion detection using autonomous agents," Computer Networks,
34(4):547-570, October 2000.
[10] Balasubramaniyan, J., Garcia-Fernandez, J., Isacoff, D., Spafford, E., Zamboni, D., "An Architecture for
Intrusion Detection using Autonomous Agents," Proceedings of the Computer Security Applications
Conference, 1998.
[11] White, G., Fisch, E., and Pooch, U., "Cooperating security managers: A peer-based intrusion detection
system," IEEE Network Magazine, IEEE Press, Volume 10, Issue 1, 1996.
[12] Barrus, J., and Rowe, N., "A distributed autonomous-agent network-intrusion detection and response
system," Proceeding of the 1998 Command and Control Research and Technology Symposium, 1998.
[13] Smith, A., "An Examination of an Intrusion Detection Architecture for Wireless Ad Hoc Networks,"
Proceedings of the 5th National Colloquium for Information System Security Education, May 2001.
[14] Bernardes, M., Moreira, E., "Implementation of an Intrusion Detection System Based on Mobile Agents,"
Proceedings of the International Symposium on Software Engineering for Parallel and Distributed Systems,
2000.
[15] White, G., Fisch, E., and Pooch, U., "Cooperative security managers: A peer-based intrusion detection
system," IEEE Network Magazine, IEEE Press, pages 20-23, Jan. 1996.
[16] Fenet, S., and Hassas, S., "A distributed intrusion detection and response system based on mobile
autonomous agents using social insects communication paradigm," Electronic Notes in Theoretical
Computer Science 63, 2001.
[17] Vigna, G., Cassell, B., and Fayram, D., "An Intrusion Detection System for Aglets".
[18] Nwaocha, V.O. and Inyiama, H.C., "Precluding Emerging Threats from Cyberspace: An Autonomic
Administrative Approach". Vol. 1, No. 3, 100-104, 2011.