A communication system is a facility which enables communication between two or more entities such as user terminal equipment and/or network entities and other nodes associated with a communication system. The communication may comprise, for example, communication of voice, electronic mail (email), text messages, data, multimedia and so on. The communication may be provided by a fixed line and/or wireless communication interface.
A feature of wireless communication systems is that they provide mobility for the users thereof. An example of communications systems providing wireless communication are public land mobile networks (PLMN). Another example is a wireless local area network (WLAN). An example of the fixed line system is a public switched telephone network (PSTN).
User equipment, whether connected to a wired network via a wired connection or a wireless device making a connection to an access point via a radio connection are becoming increasingly the target for computer security related attacks. For example, viruses and worms can target user equipment. Other potential threats are so-called “backdoor programs”, Trojan horses and intrusion attacks. To address this, user equipment is often provided with protection mechanisms such as access control and authorization systems. However, it is not always possible to make the user equipment secure. This may be because the consumer is not prepared to pay the costs associated in making user equipment totally secure or because the nature of the threat changes. In practice, it is therefore difficult to make user equipment that is impervious to malicious software or actual attackers.
Reference is made to the paper entitled “Intelligent Agents for Distributed Intrusion Detection System”, M. Benattou and K. Tamine, Transactions on Engineering, Computing and Technology, V6, June 2005, pages 190-93. This paper describes a distributed intrusion detection system based on the specialised local agent and the agent's community concept. A specialized local agent is used to separate monitoring tasks. The agent's community is a group of specialized agents, created for collecting and analysing analyzing all the data from predetermined network nodes. The specialized local agent is able to execute predetermined actions and use the mobile agent environment to investigate other network nodes of the same community. The agent's community collaborates and cooperates to confirm an intrusion in the predetermined network.
In this query, agents are sent to network nodes whenever something suspicious is detected in at least in one network node. A control structure is provided for coordinating the system consisting of these query agents and analyzing and correlating agents. This is a reactive approach based on pre-defined rules.
Reference is also made to “Synthesis of Correct and Distributed Adaptors for Component-Systems: An Automatic Approach”, P. Inverardi, et al, which discusses using distributed intrusion detection system filters. It is a specification-based approach to detect intrusions at the architectural level. It is decentralised in that given a global policy for the whole system, it automatically generates a monitoring filter for each component that looks at local information of interest. Filters then suitably communicate in order to carry on cooperative detection of anomalous behavior in enforcement of the global policy.
This document proposes a system to interpret a set of global rules as multiple sets of local rules that with local actions maintain the global integrity. To achieve this, all the actions, i.e., communication patterns and nodes taking part in them need to be specified. Based on these specifications the global automaton can be translated to set of local automata which combination is equal to global automaton. These definitions are very difficult to define and maintain. Their integrity and correctness are difficult to verify.