Lightweight Change Detection and Response Inspired by Biological Systems
- Author(s): Balachandran, Vinod, et al.
The state of computer security is complex. As computers take multiple forms, including such lightweight devices as smartphones and virtual machines, and these devices are connected to the open Internet, the task of securing them becomes harder. A common practice for providing protection from threats is to install Security Event Monitors. In this thesis, we present a lightweight host-based security event monitoring and response system called the Hive Mind, designed to enable coordination among participating nodes for improved detection combined with reduced resource usage. We also present a model for automatic response in such lightweight systems. The Hive Mind is a host-based security event monitor (SEM): a system that monitors intermittently for potential threats and indirectly communicates the existence of a problem to other nodes using a stigmergic approach inspired by biological systems. When we apply the system to example scenarios, the results demonstrate that the Hive Mind system is consistent with the theory it is built on.
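To make the three ideas in the abstract concrete (intermittent monitoring, indirect stigmergic signalling, and automatic response), here is an added toy model written for this page; it is not the Hive Mind code and does not reproduce the thesis's design or results. It assumes a shared "marker" board that nodes read and deposit into (standing in for the stigmergic environment), a base scan period, an alert threshold, an evaporation rate, and a constructed compromise scenario; all of these values are assumptions chosen for illustration.

```python
"""Toy model of stigmergic coordination between host monitors.

Added illustration, not the Hive Mind code. A shared "marker" board stands in
for the indirect signal nodes leave for each other. Each node scans its own
host only every `base_period` ticks unless the marker level is high, in which
case it scans every tick. A node that finds its host compromised deposits
marker and contains the host (the automatic-response step); the marker then
evaporates so the group drifts back to low-rate monitoring once the problem
is gone. Thresholds, periods and the scenario below are constructed values.
"""
from dataclasses import dataclass


@dataclass
class Board:
    """Shared environment holding a single marker level that decays each tick."""
    level: float = 0.0
    evaporation: float = 0.5  # fraction of marker retained per tick (assumed)

    def deposit(self, amount: float = 1.0) -> None:
        self.level += amount

    def tick(self) -> None:
        self.level *= self.evaporation


@dataclass
class Node:
    """A host monitor that reads the board but never messages peers directly."""
    name: str
    base_period: int               # scan every N ticks when no marker is present
    alert_threshold: float = 0.25  # marker level that switches to every-tick scanning
    scans: int = 0

    def should_scan(self, t: int, marker_level: float) -> bool:
        return marker_level >= self.alert_threshold or t % self.base_period == 0

    def scan(self, compromised: bool, board: Board) -> bool:
        """Scan the local host; on detection, signal the others via the board."""
        self.scans += 1
        if compromised:
            board.deposit()
        return compromised


def simulate(compromise_at, n_nodes=3, base_period=4, ticks=12, coordinated=True):
    """Run the model and report total scans and first-detection tick per host.

    compromise_at maps node index -> tick at which that host becomes compromised
    (a constructed scenario). With coordinated=False nodes ignore the board and
    only poll at their base period, which is the baseline to compare against.
    """
    board = Board()
    nodes = [Node(f"node{i}", base_period) for i in range(n_nodes)]
    contained = set()      # hosts already remediated by the automatic response
    first_detect = {}
    for t in range(ticks):
        for i, node in enumerate(nodes):
            level = board.level if coordinated else 0.0
            if not node.should_scan(t, level):
                continue
            compromised = (i in compromise_at and t >= compromise_at[i]
                           and i not in contained)
            if node.scan(compromised, board):
                first_detect[i] = t
                contained.add(i)   # response: isolate the host so it stops being a source
        board.tick()
    return {
        "scans": sum(n.scans for n in nodes),
        "first_detect": first_detect,
        "latency": {i: first_detect[i] - compromise_at[i] for i in first_detect},
    }


if __name__ == "__main__":
    scenario = {0: 3, 1: 5}   # constructed: node0 compromised at tick 3, node1 at tick 5
    for mode in (False, True):
        label = "coordinated" if mode else "independent"
        print(label, simulate(scenario, coordinated=mode))
```

In the constructed scenario the independent nodes detect the second compromise only at their next scheduled poll (latency 3 ticks), while the coordinated nodes, having raised their scan rate after the first node's marker, catch it on the tick it occurs. The price is more scans while the marker is above threshold, which is the resource trade-off any such design has to tune through its threshold and evaporation rate.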