Network Intrusions

(contact Kenneth De Jong kdejong —at— cs.gmu.edu

Network Intrusion is an agent-based model designed to study computer network security issues, first developed in Ascape and then ported to MASON by an inexperienced MASON developer to test the difficulty and speed of porting to the new system (with, we felt, very positive results). The current version models a network of 2500 computer systems connected via two overlaid grid topologies: IP address space (or physical space), and remote login space. In these spaces live two kinds of agents: computer systems and one or more hackers. Each computer system has a set of security policies implemented when the system is believed to be compromised.

A computer may be classified as secure, threatened (in the sense that a nearby computer has been compromised), compromised at a user-level, or compromised at the super-user level. The parameters of the model allow one to understand the effects of changes in security policies as well as the effects of changes in hacker behavior.