Framework of behavioral worm detection system
For this Preliminaries chapter, I need a section called multi-agent:
– Overview of multi-agent and how detection of a worm or malware works when there are many hosts
– Definition of multi-agent
– Concept of multi-agent
– Tools that support multi-agent, namely the Java Agent Development Framework
– Criticisms of multi-agent intelligent agents
– The reason for using multi-agent
– Discuss and criticize related approaches
Abstract of my work, to make clear what I am doing:
Malware, and specifically worms, are a particular threat because they prey on vulnerable hosts within networks and are capable of irreversible damage to networks and data. There are currently a number of detection systems available that detect and stop malware before it inflicts damage; however, if they fail to do so, the resulting damage can be serious. The unique contribution of this study is that the malware detection system allows damage to be inflicted on a dummy machine (agent) and detects the malware from a specific aspect of the malware's behavior, namely the damage. One of the main advantages of this approach is that it avoids damage to actual system machines. The study focuses specifically on worms. The malware detection system is designed as a network because the modus operandi of worms is to move around networks searching for vulnerable hosts (agents). Therefore, the system network and the detection mechanism itself are designed to allow worms to behave normally.
This is the reason for using multi-agent: to have many agents, and also dummy agents, to help with detection.