A Multi-agent Cooperative Model and System for Integrated Security Monitoring

The increasing complexity of various network threats has made the integration and cooperation of multiple security monitoring technologies necessary in network security defense. However, most existing works have focused on certain special monitoring technologies such as intrusion detection, and studies on integrated security monitoring system are quite insufficient. In this paper, a novel formal model called MCSM (Multi-agent Cooperation model for Security Monitoring based on knowledge) is proposed. In MCSM, the integrated security monitoring is modeled as a FSA (Finite State Automata) with multiple agents, and a general knowledge structure for multiple agents is constructed. We have successfully developed an IMS (Integrated Monitoring System) called ACT-BroSA (Broad-spectrum security Scan and Analysis system) based on MCSM. Results of experiments show that the integrated monitoring capability is significantly improved.