Secure Network Monitoring System using Mobile
G. M. Gaikwad1, A. M. Kanthe2, M. S. Chaudhari3
1,2,3 Department of Computer Engg.
Sinhgad Institute of Technology, Lonavala (India)
Abstract- The rapid expansion of computer networks and the growth of traffic across the network communication infrastructure demand efficient and secure network monitoring and management. Network management and monitoring mostly rely on a client/server architecture based on SNMP (Simple Network Management Protocol), which provides centralized management and is fairly efficient in terms of performance. The foremost problems with this architecture are heterogeneity in networks, limited bandwidth, lack of resources, limited scalability and flexibility, and the huge amount of traffic generated at the central server, which can degrade the performance of the network. An efficient and secure infrastructure based on mobile agents can overcome the scalability and flexibility limitations of the centralized approach to network monitoring and management. This approach also reduces processing load and bandwidth usage. The security of both the agent and the host that executes it is the main concern with this approach. Protecting both the host that executes the agent and the agent itself from malicious hosts is very important. This paper provides a solution that authenticates a received agent using security keys, ensuring that only trusted agents are allowed to execute on a host, and that protects the mobile agent against malicious hosts.
Keywords—Mobile Agent, Network Monitoring, Security, Malicious Host, Distributed System, SNMP.
I. INTRODUCTION
In the current network communication infrastructure, network monitoring and management are challenging because computer networks have become far more complex. To meet the challenges posed by heterogeneous networks, an efficient network monitoring and management system must be developed. The growth of networking and distributed applications raises issues such as traffic load, bandwidth limitation, and limited flexibility and scalability, and performance needs to be managed. Generally, a centralized approach to network management and monitoring is used, in which an SNMP-based client/server architecture monitors network activity; this may cause a huge amount of network traffic. This approach places an extra burden on the network, thereby reducing its performance. To solve problems such as limited bandwidth, high traffic load, limited scalability and flexibility, and reduced performance, a mechanism is needed that can overcome all of them.
Therefore, to reduce traffic and improve efficiency, we need to follow a decentralized approach, and the mobile agent is the best alternative for decentralized network management and monitoring.
The mobile agent is an emerging technology that makes it much easier to design, implement, and maintain distributed systems. Mobile agent technology has advantages over other technologies such as the SNMP-based client/server architecture. A mobile agent is software code that travels throughout the network to perform specified tasks such as the retrieval of network-related information. When a mobile agent decides to move, it saves its own state, transports this saved state to the next host and resumes execution from the saved state. Mobile agents are being used in the areas of information retrieval, network management, network monitoring, mobile computing, and telecommunications. The mobile agent paradigm has been identified as a natural solution for implementing monitoring systems. In mobile agent-based monitoring, software agents migrate to remote hosts and cooperate among themselves for system-wide monitoring. The agent moves to the place where the data are stored and selects the information the user wants. Agents decentralize processing and, as a consequence, reduce the traffic around the management station and distribute the processing load. The main purpose of this paper is to use the mobile agent paradigm to implement network monitoring (instead of the conventional client/server approach using SNMP), to lessen the traffic load created by network monitoring and to improve the performance of the network.
Security is the main concern with this approach. Protecting both the host that executes the agent and the agent itself against malicious hosts and agents is very important. This paper provides a solution that authenticates a received agent using security keys, ensuring that only trusted agents are allowed to execute on a host, and that protects the mobile agent against malicious hosts.
This paper is organized as follows. Section II wraps up the literature review. Section III describes the proposed system. Section IV presents the implementation details of the proposed system. Section V concludes the paper and outlines future aspects.
II. LITERATURE REVIEW
The development and globalization of computer networks have created many problems, such as security and network overhead. To avoid these problems, the network administrator has to monitor and manage the network according to a predefined security policy. For the last decade, network monitoring and management have been the biggest challenges for any distributed network infrastructure. In recent years, most organizational network infrastructures have used protocols such as SNMP (Simple Network Management Protocol) of the IETF (Internet Engineering Task Force) and CMIP (Common Management Information Protocol) of OSI (Open System Interconnection) for network monitoring and management. Both of these protocols follow the centralized approach of a client/server architecture.
The architecture proposed in  for network monitoring and management reduces traffic around the management station and alleviates the processing load on it. This architecture is secured and multi-agent based. It provides confidentiality and authentication to the monitoring process by using ECC (Elliptic Curve Cryptography). It uses a large key and prime number to make the system more secure with less time consumption. This architecture also does not protect the agent from malicious hosts.
In the centralized approach, a management station manages all the devices of the network. All these devices are equipped with agents that maintain a MIB (Management Information Base). The management agent at each device monitors all the data required for management and stores it in its MIB. The management station (network manager) agent accesses the remote MIB through the SNMP or CMIP protocols.
This access is done sequentially, so many commands must be executed to get the required information from a remote MIB. This leads to greater consumption of bandwidth and more network traffic. Centralized monitoring and management schemes have several drawbacks, such as computational overhead at the management station, higher bandwidth consumption and more network traffic. So there is a need to design an efficient distributed monitoring and management technique to meet the challenges of heterogeneous networks.
Mobile agent based network management can be a suitable paradigm that provides distributed network management by overcoming the shortcomings of existing network monitoring systems.
Owing to the growth of computing technology and competition in the market, there are many hardware and software tools for network monitoring and management. But these tools create a lot of network traffic, which ultimately degrades the performance of the network, because they are based on a client/server architecture and follow a centralized approach in which the tools must be installed on each node of the network and the activity of the whole network is monitored on a single server.
The method proposed in paper  for network performance monitoring using mobile agents monitored different network parameters and provided a solution to model network traffic for the enhancement of network performance. In this architecture the node is aware that it is being monitored by the administrator. Though this architecture implemented different agents for different purposes, it did not protect agents from malicious hosts. The system proposed in paper  for network performance monitoring uses a hierarchy of agents, from one master controller agent (MCA) to different controller agents (CA), and under the CAs there are monitor agents and action agents that perform specific tasks. To achieve confidentiality and integrity in the process of network monitoring, the authors based their architecture on a multi-agent system. This system detects unauthorized or illegal activity and, after detection, performs actions according to policy, such as system logoff, killing of unwanted processes, or system shutdown.
The system proposed in paper  uses a dummy agent and a monitoring agent to protect the agent from malicious platforms that execute it and try to discover the agent's intention, to read the data transported by the agent, or to modify the agent's data, code or state. To reduce the overhead introduced by the dummy agent and monitoring agent, the size of the dummy agent is reduced.
In paper  the author gives an overview of techniques to protect a mobile agent from a malicious host. These techniques are Code Obfuscation, Partial Result Encapsulation, Execution Tracing, Environmental Key Generation, Computing with Encrypted Function, Mutual Itinerary Recording, and the Secure communication layers approach. This paper states that there is no single, comprehensive solution that provides complete protection of agents against malicious hosts. A combination of different techniques may yield a powerful solution.
III. PROPOSED SYSTEM
The secure and efficient MA based Network Monitoring System consists of the following major components:
• The Manager: This is responsible for initiating MAs and displaying the results returned by MAs after completion of a task.
• The Mobile Agent Generator (MAG): The role of the MAG is to generate service-oriented MA objects.
• The Mobile Agent (MA): The MA is capable of migrating between the managed elements to collect information based on a pre-defined management task.
• The Mobile Agent Server (MAS): This is capable of receiving MAs and provides an interface to access the local physical resources.
All of the above components play a vital role in the secure and efficient MA based Network Monitoring System.
Figure 1: Mobile Agent Based Infrastructure
The workings of each of the above components, present in the infrastructure shown in Figure 1, are as follows.
3.1 The Manager:
The manager interacts with devices running agent processes to perform monitoring and control operations. The manager assigns mobile agents an itinerary that includes all active hosts. The MA's state information is then compressed and transferred to the first destination host. The manager application is equipped with a Graphical User Interface (GUI) consisting of a MIB browser plus 'problem', 'event' and 'results' panels.
3.2 The Mobile Agent:
This is capable of migrating between the managed entities to collect information based on pre-defined policies. An MA object is identified by
• Code (behavioural description)
• State information (modifiable variables)
• Attributes (static/permanent information)
The MAs are Java classes supplied with an itinerary table, a vector to store gathered data, the Object Identifier (OID) string(s) of the requested object(s) and a number of methods that facilitate interaction with polled devices.
The mobile agent carries the results it collected from previously visited managed devices to the next managed device in the itinerary. It sends the results back to the management station before self-termination, only when there are no more managed devices to visit in the itinerary.
The MA code needs to be minimised in order to reduce bandwidth requirements. So serialisation is used to save the state of an MA object, which is transferred through the network and then deserialised at the receiving node.
3.3 The MAS (Interface to Managed Elements):
The MAS is the interface between MAs and the managed elements.
Functionally, the MASs reside above standard SNMP agents, and their functions are
• Defining an efficient run-time environment for receiving, instantiating, executing, and dispatching incoming MA objects,
• While protecting the system against malicious attacks.
The SNMP agent process starts automatically at MAS initialisation and is ‘killed’ when the MAS application terminates.
• The Mobile Agent Listener (MAL): This is responsible for listening for incoming MAs on a well-known TCP port. Once an MA arrives, its code is decompressed and de-serialized (its state is loaded). The MAL then returns to listening mode and the MA object is passed to the Security Component (SC).
Figure 2: The Mobile Agent Server Structure
• The Security Component (SC): This acts as the system's protective barrier. Specifically, the SC verifies the authenticity of the received MA through the use of a Digital Signature, ensuring that only trusted agents, dispatched by authorized hosts, are allowed instantiation. The Digital Signature Scheme, based on the 'public-private pair of keys' paradigm, has been implemented, providing both authentication and integrity of the agent code.
A hash of the agent code and data is generated and encrypted with the private key of the manager before an agent is sent out to remote platforms. The resulting encrypted hash is attached to the mobile agent so that a platform can authenticate the agent owner and verify the integrity of the agent code by using the public key.
Partial Result Encapsulation verifies the computational results of a mobile agent for each platform visited by the MA. The mobile agent needs to encapsulate its results for each platform it visits, to secure them against malicious hosts.
The encapsulation provides confidentiality by encrypting the messages. It is done by the agent itself rather than by the agent's host, because the host is unreliable in an untrusted environment.
• The Service Facilitator Component (SFC): After successful authentication the MA is activated and handed over to the Service Facilitator (SF) component, which serves as an interface to the SNMP agent.
The SF gets the requested object OID string(s) by calling the MA method and then obtains the corresponding system information through interaction with the SNMP agent. If necessary, the requested information can be processed automatically by invoking an MA method. The value acquired, either directly from the system or as a result of computation, is passed to the SC sub-system, encrypted and encapsulated into the MA's state.
• The Migration Facility Component (MFC): The MFC serializes the MA and dispatches it to the next host, or returns it to the manager at the end of its itinerary.
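The signing and verification performed by the manager and the Security Component can be sketched as follows. This is an added example, not the authors' code: the class and method names, the RSA/SHA-256 choice and the sample agent bytes are assumptions, and the sketch signs only the agent's static part (code, itinerary, OIDs) and checks the received bytes before any object is instantiated.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;

// Added illustration; class and method names are hypothetical, not from the paper.
public class AgentSignatureDemo {

    /** What travels between hosts: signed static part, unsigned mutable state, signature. */
    record SignedAgent(byte[] staticPart, byte[] mutableState, byte[] signature) {}

    /** Manager: hash the static part and sign the hash with the manager's private key. */
    static SignedAgent sign(PrivateKey managerKey, byte[] staticPart, byte[] state)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(managerKey);
        s.update(staticPart);
        return new SignedAgent(staticPart, state, s.sign());
    }

    /** MAS Security Component: true only if the manager's public key verifies the agent. */
    static boolean verify(PublicKey managerPub, SignedAgent agent) {
        try {
            Signature s = Signature.getInstance("SHA256withRSA");
            s.initVerify(managerPub);
            s.update(agent.staticPart());
            return s.verify(agent.signature());
        } catch (GeneralSecurityException e) {
            return false; // malformed signature or wrong key type: treat as untrusted
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair manager = gen.generateKeyPair();
        KeyPair unknownSender = gen.generateKeyPair();

        // Constructed sample standing in for byte code, itinerary and requested OID.
        byte[] staticPart = "class=IfPoller;route=host-a,host-b;oid=1.3.6.1.2.1.2.2.1.10.1"
                .getBytes(StandardCharsets.UTF_8);

        SignedAgent genuine = sign(manager.getPrivate(), staticPart, new byte[0]);
        System.out.println("signed by manager:      " + verify(manager.getPublic(), genuine));

        byte[] altered = staticPart.clone();
        altered[altered.length - 1] ^= 1; // one changed bit in the static part
        SignedAgent modified = new SignedAgent(altered, new byte[0], genuine.signature());
        System.out.println("static part modified:   " + verify(manager.getPublic(), modified));

        SignedAgent foreign = sign(unknownSender.getPrivate(), staticPart, new byte[0]);
        System.out.println("signed by unknown key:  " + verify(manager.getPublic(), foreign));

        // State appended on a previous hop does not affect the manager's signature.
        SignedAgent afterHop = new SignedAgent(staticPart, new byte[]{1, 2, 3}, genuine.signature());
        System.out.println("state changed en route: " + verify(manager.getPublic(), afterHop));
    }
}
```

The last case shows why the manager's signature alone cannot vouch for results gathered along the route: the mutable state changes at every hop and therefore has to be protected separately.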
The life cycle of an MA object and its interaction with the MAS application is summarized in Figure 3.
Two additional threads run on each Network Element, outside the boundary of the MAS:
• The Network Discovery Daemon (NDD): This allows the manager to 'discover' active agent processes, and
• The Class Loader Daemon (CLD): Its role is discussed in the following section 3.4.
Figure 3: Flow Chart for MA based NMS
3.4 The Mobile Agent Generator:
The MAG is a factory for constructing customized MAs as shown in Figure 4.
A management application (GUI) allows the operator to assign a name to the MA, define its functional requirements, set the polling frequency that determines how often instances of the constructed MA will be launched, and specify the classes of network devices to be polled.
Options for editing, deleting or updating an existing MA instance are also available.
Figure 4: The Mobile Agent Generator Functional Diagram
The MAG compiles skeleton Java source code, with slots containing the MA's specified properties, to generate Java byte code. This byte code is compressed and transferred through TCP connections to all operating agent hosts. Prior to its construction, the MA's properties are compared against those of the existing MA classes to ensure that there is no other with the same functionality. On the agent side, the CLD receives and decompresses the transmitted byte code, validates the included Java class and stores it in a designated space.
It should be emphasized that the transfer of the MA byte code is performed only once, at MA construction time. From that point forward the transfer of persistent state, obtained from serializing the instance of the MA, is sufficient for the MAS entity to recognize the incoming MA and recover its state.
We have implemented the Mobile Agent based Network Monitoring System using the Java platform. For creating Mobile Agents we have used Java's NetBeans IDE 6.9. These agents move to the places where data are stored and retrieve the information requested by the server. The life cycle of a Mobile Agent and its retrieval of the information requested by the server follow the steps defined in the following algorithm.
Step 1: Manager Creates MA instance
Step 2: Define Route
Step 3: Save State
Step 4: Compress, Serialize & Dispatch
Step 5: MA Server Listen for Incoming MA
Step 6: If MA Arrived?
Step 7: No
    Repeat Step 5
Step 8: Yes
    Decompress, Deserialize & Authenticate
Step 9: Load State of MA
Step 10: Return OID's
Step 11: Obtain OID's
Step 12: Perform NM task & Return Data
Step 13: If computation required?
Step 14: No
    Go to Step 16
Step 15: Yes
    Compute Requested Values
Step 16: Save Result & Encrypt
Step 17: Save State
Step 18: Go to next node
Step 19: Save State
Step 20: Get Next host Name
Step 21: Serialize & Compress MA
Step 22: If Last Node?
Step 23: No
    Dispatch MA to Next Node
    Repeat Step 5 to Step 22
Step 24: Yes
    Load State
Step 25: Display Result
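Steps 12 to 17 and 24 to 25 rely on partial result encapsulation: each host's result is encrypted before it is saved into the MA's state, and only the manager can read it at the end of the itinerary. The following is an added sketch of one way to do that, not the authors' implementation; the hybrid RSA-OAEP plus AES-GCM construction, the class and method names, and the host names and readings are assumptions made for the example.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

// Added illustration; names and the hybrid construction are assumptions, not from the paper.
public class PartialResultEncapsulationDemo {
    static final String RSA = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    /** One sealed entry in the MA's state; only the manager's private key opens it. */
    record Sealed(String host, byte[] wrappedKey, byte[] iv, byte[] ciphertext) {}

    /** On each visited host (Steps 12-17): encrypt the result for the manager. */
    static Sealed encapsulate(PublicKey managerPub, String host, String oid, String value)
            throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();              // fresh key for every result
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        gcm.updateAAD(host.getBytes(StandardCharsets.UTF_8)); // bind the result to its host
        byte[] ct = gcm.doFinal((oid + "=" + value).getBytes(StandardCharsets.UTF_8));
        Cipher rsa = Cipher.getInstance(RSA);
        rsa.init(Cipher.WRAP_MODE, managerPub);
        return new Sealed(host, rsa.wrap(key), iv, ct);
    }

    /** At the manager (Steps 24-25): unwrap the key and decrypt one entry. */
    static String open(PrivateKey managerPriv, Sealed s) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance(RSA);
        rsa.init(Cipher.UNWRAP_MODE, managerPriv);
        Key key = rsa.unwrap(s.wrappedKey(), "AES", Cipher.SECRET_KEY);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, s.iv()));
        gcm.updateAAD(s.host().getBytes(StandardCharsets.UTF_8));
        return new String(gcm.doFinal(s.ciphertext()), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair manager = gen.generateKeyPair();

        // Constructed itinerary and readings; a real MAS would query its SNMP agent.
        String oid = "1.3.6.1.2.1.2.2.1.10.1";
        Map<String, String> readings = new LinkedHashMap<>();
        readings.put("host-a", "184467");
        readings.put("host-b", "92011");
        List<Sealed> state = new ArrayList<>();
        for (var e : readings.entrySet())
            state.add(encapsulate(manager.getPublic(), e.getKey(), oid, e.getValue()));

        // An entry relabelled in transit no longer authenticates at the manager.
        Sealed b = state.get(1);
        state.add(new Sealed("host-c", b.wrappedKey(), b.iv(), b.ciphertext()));

        for (Sealed s : state) {
            try {
                System.out.println(s.host() + " -> " + open(manager.getPrivate(), s));
            } catch (AEADBadTagException ex) {
                System.out.println(s.host() + " -> rejected, entry was altered");
            }
        }
    }
}
```

Because anyone holding the manager's public key can produce a well-formed entry, encryption by itself gives confidentiality and tamper detection for each entry, but does not show which host wrote an entry or that none was dropped.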
We have implemented an efficient and secure infrastructure based on mobile agents for network monitoring. This approach reduces processing load and bandwidth usage. The security of both the agent and the host that executes it is the main concern with this approach. Protecting both the host that executes the agent and the agent itself from malicious hosts is very important. This project provides a solution that authenticates a received agent using a digital signature, ensuring that only trusted agents are allowed to execute on a host, and protects the mobile agent against malicious hosts using the partial result encapsulation security technique.
We have implemented the Mobile Agent based Network Monitoring System using the Java platform. The Mobile Agents created in the MA based NMS move to the places where data are stored and retrieve the information requested by the management station.
The proposed Mobile Agent based NMS infrastructure calculates the bandwidth utilization and time delay during completion of a management task, as shown in Figure 5. The bandwidth utilization and time delay required to complete a management task are approximately the same for the non-secure system and for the secure system, which authenticates the mobile agent using a digital signature and protects it against malicious hosts using the partial result encapsulation security technique.
Figure 5: Output of Secure MA based NMS
VI. CONCLUSION AND FUTURE SCOPE
It has been shown that the use of MA objects leads to the sharing of workload between the manager and the agent hosts, thereby reducing bandwidth usage by applying remote data aggregation methods. Empirical results indicate a significant improvement in both response time and bandwidth consumption when compared to the centralized paradigm. The proposed system not only optimizes the MAs' itinerary to minimise polling response time but also enhances all security aspects of MAs.
The digital signature and partial result encapsulation are security mechanisms that support the maximum security parameters. Combining these security mechanisms mitigates the damage caused by malicious hosts, and this is a better solution for overcoming such damage.
There is wide scope for extending network monitoring, as many factors can be included in it and there are different ways to attack a monitoring system; so more factors can be considered for network monitoring, and more secure methods can be used in combination to secure it.
REFERENCES
Shashank Srivastava & G. C. Nandi, "Enhancing the Efficiency of Secure Network Monitoring Through Mobile Agents", Int'l Conf. on Computer & Communication Technology. 978-1-4244-9034-/10/$26.00 ©2010 IEEE.
Manvi S. S. and Venkataram P., "A method of Network Monitoring by Mobile Agents", Intl. Conf. on Communications, Control, and Signal Processing (CCSP-2000), pp. 214-218, Bangalore, July 25-28, 2000.
R. Pugazendi, K. Duraiswamy and E. Jayabalan, "Intelligent Network Monitoring using Mobile Agent", International J. of Engg. Research & Indu. Appls., Vol. 1, No. V (2008), pp. 293-306. IEEE International conference on Tools with Artificial Intelligence, pp. 220-223, 2009.
Umar Manzoor, Samia Nefti, "Agent Based Activity Monitoring System", 20th IEEE International conference on Tools with Artificial Intelligence, pp. 220-223, 2008.
Dr. A. K. Sharma, Atul Mishra, Veena Garg, "Mobile Agent Security against Malicious Hosts: Review", International Conference on Computing and Control Engineering (ICCCE), ISBN 978-4675-2248-9, 12 & 13 April 2012.
Rajan Sahota, "An Overview of Security Technique to Protect Mobile Agent from Malicious Host", International conference on computing and Control Engineering (ICCCE 2012), 12 & 13 April 2012.
D. Gavalas, D. Greenwood, M. Ghanbari and M. O'Mahony, "An Infrastructure for Distributed and Dynamic Network Management based on Mobile Agent Technology", Proceedings of the ICC'99, pp. 1362-1366, 1999.
Prateek Gandhi, Akshit Malhotra, Vaibhav Sharma, Project report on "Network Monitoring and security Using Mobile Agents".
Tomas Sander, Christian F. Tschudin, "Protecting Mobile Agents against Malicious Hosts", Proceedings of Mobile Agents and Security, Springer-Verlag, London, UK, 1998, ISBN 3-540-64792-9, pp. 44-60.
Nitin Jain, Kamlesh, Niraj Singla, "Security Issues in Mobile Agent Paradigm", International Journal of computer Science & Management Studies, Vol. 11, Issue 01, May 2011, ISSN 2231-5268.
Richard Ssekibuule, "Mobile Agent Security against Malicious Platforms", Cybernetics and Systems, 2010, 41(7):522-534.