1. Field of the Invention
The present invention relates to a system and method for using agent-based distributed case-based reasoning (“CBR”) to manage a computer network. In particular, the present invention relates to a system and method that use agents and distributed CBR to detect an event within a computer network, analyze it, and automatically respond to the event based on the analysis.
2. Discussion of the Related Art
Recent cyber-attacks on major corporate and government computer networks and World Wide Web (“WWW”) sites continue to prove that the Internet can be a rough neighborhood. Today there are many tools and operating system-specific features (“OS features”) to manage computer networks and secure computer networks from various types of cyber-attacks.
These tools, however, suffer from many shortcomings. Among these shortcomings, a lack of interoperability has limited the effectiveness of a network management scheme based on these tools. Typically, to effectively manage and protect a network, a variety of tools and OS features need to be used together. However, because they are typically designed to operate independently of each other, they are neither interoperable nor capable of cooperating with each other. This lack of interoperability results in important system and security information being placed in numerous locations within a computer network, placing an undue burden on network administrators, who are forced to monitor a variety of data and reports. Further, the lack of interoperability increases the risk of overlooking important events. Detection of an event often requires synthesizing data from a variety of security tools. Since there is no effective tool to do such a task, it falls upon network administrators, further increasing the burden on them and increasing the risk of overlooking events.
Other limitations of existing network management tools and OS features include: (1) they work from a centralized location within a network; and (2) they may not be compatible with one another. These limitations further increase the burden on network administrators by necessitating configuration of multiple machines within a network and by increasing the amount of data and reports that need to be analyzed to detect an event.
Given the above-stated shortcomings and limitations of existing network management and security tools, there has been an increased interest in developing a mechanism that links a variety of network management and security tools to event-response functions and that allows multiple tools to be used together in a coordinated fashion. In other words, there is a need for a system and method that ease network management tasks by allowing once disparate tools to communicate with one another and automatically provide an effective response to a variety of events, including internal and external security threats, through the use of artificial intelligence.