Detection of malicious hosts against agents in Mobile Agent networks

  • Jean Tajer

Student thesis: Doctoral Thesis


Over the last decade, networks have become increasingly advanced in terms of size, complexity and the level of heterogeneity, due to increase of number of users, devices and implementation of cloud among big enterprises and developing smart cities. As networks become more complicated, the existing client-server paradigm suffers from problems such as delay, jitter, bad quality of service, insufficient scalability, availability and flexibility. The appearance of mobile agents’ technology is getting popular as means for an efficient way to access remote resources on computer networks. Mobile Agent- systems usually benefit from the following: asynchronous execution, dynamic adaptation, fault-tolerance improvement in network latency, protocol encapsulation, reduction in network load and robustness.

However, one of the major technical obstacles to a wider acceptance of the mobile agent is security which is the modus operandi to protect the mobile agents against malicious hosts.

This work proposes how the Mobile Agents (MA), supported by a new solid models (detection and protection), can present a new way of securing mobile agents against malicious hosts.

The work contributes in proposing a new computing model for protection against malicious hosts. This model is based on trust, which is a combination of two kinds of trust: policy enforcement and control and punishment. The originality of this model is the introduction of the concept of setting up an active storage element in the agent space, called as “home away from home”, for partial result storage and separation as well as digital signing of the destination of the mobile agent.

An efficient flooding detection scheme is developed by integrating the sketch technique with the Divergence Measures (Hellinger Distance, Chi-Square and Power Divergences). This type of integration can be considered unique in comparison with existing solutions over a Mobile Agent network. The sketch data- structure summarizes the mobile agent’s process of calls generating into a fixed set of data for developing a probability model.

The Divergence Measures techniques, combined with a Mobile Agent traffic, efficiently identifies attacks, by monitoring the distance between current traffic distribution and the estimated distribution, based on history information. Compared to the previous detection system and existing works, the proposed techniques achieve the advantages of higher accuracy and flexibility, to deal with low intensity attacks and the ability to track the period of attack.

Simulation results are presented to demonstrate the performance of the proposed detection model. This work achieves in outperforming the existing detection solutions by tuning the Divergence Measures. An evaluation of the scheme is done via the receiver-operating characteristic (ROC). The work achieves in outperforming the existing detection solutions by tuning the Power Divergence with a value of β=2.2. With this value of β, the detection scheme leads to a very attractive performance in terms of True Positive Rate (100%), False Positive Rate (3.8%) and is capable of detecting low intensity attacks. Moreover, the Power Divergence with β=2.2 presents a better detection accuracy of 98.1% in comparison with Hellinger Distance (60%) and Chi-square (80%).
Since the scenarios in consideration in this work can be reasonably related to any type of network, the strength of the proposed model can alternatively be applied to any enterprise network
Date of AwardAug 2018
Original languageEnglish
SupervisorMo Adda (Supervisor) & Benjamin Aziz (Supervisor)

Cite this