research-article

Layered security architecture for threat management using multi-agent system

Authors:

Vandana Gandotra,

Archana Archana Singhal,

Punam BediAuthors Info & Claims

ACM SIGSOFT Software Engineering Notes, Volume 36, Issue 5

Pages 1 - 11

https://doi.org/10.1145/2020976.2020984

Published: 30 September 2011 Publication History

Abstract

The increasing complexity of software systems along with expanding connectivity has necessitated the evolution of an integrated security framework adopting innovative techniques for secure software systems. This paper proposes a layered security architecture for threat management using a multi-agent system to meet the above objective. Layer- 1 of this framework is designed for elicitation of realistic and flawless security requirements. Layer-2 uses a Multi-Agent system planning for avoidance of threats optimally. In this mechanism autonomous agents interact and coordinate with each other to achieve the common goal of software security. An adaptive defense mechanism using Meta-Agents in multi-agent system in conjunction with fuzzy logic to counter the adaptive and compound threats is the responsibility of Layer-3. Guidelines proposed in this paper have augmented this security architecture as a two-fold defensive strategy to ensure that a hacker is not able to tamper data even if they penetrate the periphery defenses. These proactive steps can be implemented during the design and development phases of the software life cycle in an incremental way as per the budget and security requirements of a software project. A case study on internet banking is included in the paper to describe the proposed security framework.

References

[1]

Bedi, P., Gandotra, V., Singhal, A., Vats, V. and Mishra, N. 2009. Avoiding Threats Using Multi Agent System Planning for Web Based Systems. In Proceedings of the 1st International conference on Computational Collective Intelligence -- Semantic Web, Social Networks and Multiagent Systems, Wroclaw, Poland, LNAI, Springer-Verlag Berlin Heidelberg, October 2009, 709--719.

Digital Library

[2]

Hentea, M. 2007. Intelligent System for Information Security Management. Information and Beyond: the journal of Issues in Informing Science and Information Technology, Volume 4, 29--43.

[3]

Butler, S. 2002. Security Attribute Evaluation Method: A cost- Benefit Approach. In Proceedings of the 24th International Conference on Software Engineering, Orlando, Florida, USA, May 2002, 232--241.

Digital Library

[4]

Changwen, Q. and You, H. 2002. Method of Threat Assessment Using Multiple Attribute Decision Making. In Proceedings of Sixth International Conference on Signal Processing, IEEE, 1091--1095.

[5]

Davis, N. 2005. Secure Software Development Life Cycle Processes: A Technology Scouting Report {Report}. Software Engineering Institute, Carnegie Mellon University, Pittsburgh.

[6]

Diallo, M.H., Romero-Mariona, J., Sim, S.E., Alspaugh, T.A. and Richardson, D.J. 2006. A Comparative Evaluation of Three Approaches to Specifying Security Requirements. In Proceedings of 12th Working Conference on Requirements Engineering: Foundation for Software Quality (REFSQ'06), Luxembourg.

[7]

Gandotra, V., Singhal, A. and Bedi, P. 2009. Identifying Security Requirements Hybrid Technique. In Proceedings of the 4th International Conference on Software Engineering Advances Porto, Portugal, September 2009, IEEE Computer Society, 407--412.

Digital Library

[8]

Gandotra, V., Singhal, A. and Bedi, P. 2009. Threat Mitigation, Monitoring and Management Plan - A New Approach in Risk Management. In Proceedings of the International Conference on Advances in Recent Technologies in Communication and Computing, India, October 2009, IEEE Computer Society, 719--723.

Digital Library

[9]

Gandotra, V., Singhal, A. and Bedi, P. 2010. A Step Towards Secure Software System Using Fuzzy Logic. In Proceedings of IEEE 2nd International Conference on Computer Engineering and Technology, 417--422.

[10]

Goyal, V., Pandey, O., Sahai, A. and Waters, B. 2006. Attributebased encryption for fine grained access control of encrypted data. In Proceedings of 13th ACM conference on Computer and Communications Security, 89--98.

Digital Library

[11]

Howard, M. and LeBlanc, D. 2003. Writing Secure Code, Microsoft Press.

Digital Library

[12]

Katz, J., Sahai, A. and Waters, B. 2008. 2008. Predicate Encryption Supporting Disjunctions, Polynomial Equations, Inner Produts. In Proceedings of EUROCRYPT, Turkey, 146--162.

Digital Library

[13]

Madan, B.B., Popsotojanova, K.G., Vaidyanathan, K. and Trivedi, K.S. 2002. Modeling and Quantification of Security Attributes of Software System. In Proceedings of the International Conference on Dependable Systems and Networks, Bethesda, MD, USA, June 2002, IEEE Computer Society, 505--514.

Digital Library

[14]

Mamdani, E.H. 1976. An experiment in linguistics synthesis with a fuzzy logic controller. International Journal of Man-Machine Studies, Vol. 8, Issue 6, Elsevier, 1976, 669--678.

[15]

McGraw, G. 2006. Software Security: Building Security In. Addison Wesley Software Security Series.

Digital Library

[16]

Moradian, E. and Hakansson, A. 2008. Approach to solving security Problems Using Meta-Agents in Multi Agent System. In 2nd International KMS Symposium on Agents and Multi-Agent Systems: Technologies and Applications, LNAI 4953, 122--131.

Digital Library

[17]

Moradian, E. and Hakansson, A. 2010. Controlling Security of Software Development with Multi-agent System. In Knowledge- Based and Intelligent Information and Engineering Systems, LNCS, 2010, Volume 6279/2010, 98--107.

Digital Library

[18]

Myagmar, S., Lee, A.J. and Yurcik, W. 2005. Threat Modeling as a Basis for Security Requirements. In Proceedings of symposium on Requirement Engineering for information Security (SREIS), Paris, France.

[19]

Oladimeji, E., Supakkul, S. and Chung, L. 2006. Security Threat Modeling and Analysis: A Goal-Oriented Approach. In Proceedings of the 10th IASTED International Conference on Software Engineering and Applications (SEA 2006), Dallas, Texas, USA. November 13-15, 2006.

[20]

Olthoff, K.G. 2001. Observations on Security Requirements Engineering. Symposium on Requirements Engineering for Information Security.

[21]

Paget, F. 2008. Report on Financial Fraud and Internet Banking: Threats and Countermeasures {Report}, McAfee, http://www.mcafee.com/us/local_content/reports/6168rpt_fraud_0409.pdf, 2008.

[22]

Philiparning, B. 2008. Threat Analysis using Goal Oriented Action Planning. University of Skovde, May 2008.

[23]

Pressman, R.S. 2005. Software Engineering A Practitioner's Approach, McGraw Hill.

Digital Library

[24]

Runan, M. 2001. Planning with Agents. Matrikelnummer: 1008277 (2001).

[25]

Swiderski, F. and Synder, W. 2005. Threat Modeling, Microsoft Press.

Digital Library

[26]

Schneier, B. 1999. Attack trees: Modeling security Threats. Dr. Dobb's Journal, December 1999.

[27]

Schneier, B. 2000. Secrets and lies: Digital security in a networked world. John Wiley & Sons.

Digital Library

[28]

Sindre, G. and Opdahl, A.L. 2000. Eliciting Security Requirements by Misuse Cases. In Proceedings of the 37th International Conference on Technology of Object-Oriented Languages and Systems, Sydney, Australia, 120--131.

[29]

Sodiya, A.S., Longe, H.O.D. and Fasan, O.M. 2007. Software Security Risk Analysis using Fuzzy Expert System. In Journal of INFOCOMP: Journal of Computer Science, Brazil, Vol. 7, No. 3, 70--77.

[30]

Symantec Global Internet Security threat Report Trends for 2009, volume XV, Published in April 2010.

[31]

Glenn, W. 2007. Multi-agent planning using HTN and GOAP. Lulea University of Technology, Department of Skelleftea campus, Division of Leaisure and Entertainment, (2007:16HIP).

[32]

Woolridge, M. 1997. Agent Based Software Engineering. IEEE Proc. Software Engineering", Volume 144, Issue 1, Portal ACM, 26--37.

[33]

Witkowska, J. 2006. The Quality of Obfuscation and Obfuscation Techniques. LNCS in Biometrics, Computer Security Systems and artificial Intelligence applications, Part II, 175--182.

[34]

Zadeh, L.A. 1965. Fuzzy sets, Information and Control, 338--353.

[35]

Zadeh, L.A., Klir, J.G. and Yuan, B.B. 2009. Fuzzy Sets, Fuzzy Logic, and Fuzzy Systems: Selected Papers by Lofti A. Zadeh. Volume 6.

Cited By

Soni VSaxena SBhatt DYadav N(2023)ImmuneGAN: Bio-inspired Artificial Immune System to Secure IoT EcosystemInternational Conference on Cyber Security, Privacy and Networking (ICSPN 2022)10.1007/978-3-031-22018-0_11(110-121)Online publication date: 21-Feb-2023
https://doi.org/10.1007/978-3-031-22018-0_11
Bedi PGandotra VSinghal A(2014)Innovative Strategies for Secure Software DevelopmentSoftware Design and Development10.4018/978-1-4666-4301-7.ch097(2099-2119)Online publication date: 2014
https://doi.org/10.4018/978-1-4666-4301-7.ch097
Bedi PGandotra VSinghal A(2013)Innovative Strategies for Secure Software DevelopmentDesigning, Engineering, and Analyzing Reliable and Efficient Software10.4018/978-1-4666-2958-5.ch013(217-237)Online publication date: 2013
https://doi.org/10.4018/978-1-4666-2958-5.ch013
Show More Cited By

Index Terms

Layered security architecture for threat management using multi-agent system

Recommendations

Insider Threat Security Reference Architecture
HICSS '12: Proceedings of the 2012 45th Hawaii International Conference on System Sciences

The Insider Threat Security Reference Architecture, ITSRA, provides an enterprise wide solution to insider threat. The architecture consists of four security layers -- Business, Information, Data, and Application. Organizations should deploy and enforce ...
Layered management approach to cyber security of IoT solutions

The Internet of Things consists of devices, each with its own vulnerabilities and interconnected by various technologies. This broad spectrum, a combination of old and new technologies, shows that there are many aspects to consider in ensuring IoT ...
Identifying Security Requirements Hybrid Technique
ICSEA '09: Proceedings of the 2009 Fourth International Conference on Software Engineering Advances

There were times when software systems and networks posed no or very little security problems. However, with expanding connectivity during last few years problem of security has been making headlines. This is due to increase in threat environment and ...

Comments

Information & Contributors

Information

Published In

cover image ACM SIGSOFT Software Engineering Notes

ACM SIGSOFT Software Engineering Notes Volume 36, Issue 5

September 2011

160 pages

ISSN:0163-5948

DOI:10.1145/2020976

Issue’s Table of Contents

Copyright © 2011 Authors.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 30 September 2011

Published in SIGSOFT Volume 36, Issue 5

Check for updates

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
71
Total Downloads

Downloads (Last 12 months)10
Downloads (Last 6 weeks)4

Reflects downloads up to 06 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Soni VSaxena SBhatt DYadav N(2023)ImmuneGAN: Bio-inspired Artificial Immune System to Secure IoT EcosystemInternational Conference on Cyber Security, Privacy and Networking (ICSPN 2022)10.1007/978-3-031-22018-0_11(110-121)Online publication date: 21-Feb-2023
https://doi.org/10.1007/978-3-031-22018-0_11
Bedi PGandotra VSinghal A(2014)Innovative Strategies for Secure Software DevelopmentSoftware Design and Development10.4018/978-1-4666-4301-7.ch097(2099-2119)Online publication date: 2014
https://doi.org/10.4018/978-1-4666-4301-7.ch097
Bedi PGandotra VSinghal A(2013)Innovative Strategies for Secure Software DevelopmentDesigning, Engineering, and Analyzing Reliable and Efficient Software10.4018/978-1-4666-2958-5.ch013(217-237)Online publication date: 2013
https://doi.org/10.4018/978-1-4666-2958-5.ch013
Bedi PGandotra VSinghal ANarang HSharma S(2013)Mitigating multi-threats optimally in proactive threat managementACM SIGSOFT Software Engineering Notes10.1145/2413038.241304138:1(1-7)Online publication date: 23-Jan-2013
https://dl.acm.org/doi/10.1145/2413038.2413041
Yu JSheng QHan JWu YLiu C(2012)A semantically enhanced service repository for user-centric service discovery and managementData & Knowledge Engineering10.1016/j.datak.2011.10.00572(202-218)Online publication date: 1-Feb-2012
https://dl.acm.org/doi/10.1016/j.datak.2011.10.005
Bedi PGandotra VSinghal ANarang HSharma S(2012)Threat‐oriented security framework in risk management using multiagent systemSoftware: Practice and Experience10.1002/spe.213343:9(1013-1038)Online publication date: 7-Jun-2012
https://doi.org/10.1002/spe.2133

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Issue’s Table of Contents