The Internet began in 1969 as the ARPANET, a project funded by the Advanced Research Projects Agency (ARPA) of the U.S. Department of Defense. Although the Internet was originally designed as a research and education network, usage patterns have radically changed. It is now a worldwide collection of loosely connected networks that are accessible by individual computer hosts in a variety of ways, including gateways, routers, dial-up connections, and Internet service providers. The Internet is easily accessible to anyone with a computer and a network connection. Individuals and organizations worldwide can reach any point on the network without regard to national or geographic boundaries or time of day. Increased reliance on the Internet is expected over the next five years, along with increased attention to its security.

People have always been making great efforts to create a more secure environment for applications to be operated on than the environment exists today. Several aspects are expected to be addressed to in terms of improving Internet secure in the future.

At one point, network protocols security foundation needs to be improved. Most of the network protocols currently in use have changed little since the early definitions of the ARPA research and education network. To have a secure foundation for the critical Internet applications of the future, severe weaknesses must be addressed: lack of encryption to preserve privacy, lack of cryptographic authentication to identify the source of information, and lack of cryptographic checksums to preserve the integrity of data (and the integrity of the packet routing information itself). New internetworking protocols are under development which uses cryptography to authenticate the originator of a packet and to protect the integrity and confidentiality of data.

At another point, Intrusion detection is recognized as a problematic area of research that is still in its infancy. Basically there are two major areas of research in intrusion detection: anomaly detection and pattern recognition. Research in anomaly detection is based on determining patterns of "normal" behavior for networks, hosts, and users and then detecting behavior that is significantly different (anomalous). The goal of the second major area of intrusion detection is to detect patterns of network, host, and user activity that match known intruder attack scenarios.

In terms of web-related programming and scripts, web-related programming languages pose new security challenges and concerns because code is downloaded, installed, and run on a user's machine without a review of source code. These activities can be triggered by following any hypertext link or opening any page while browsing. A user may not even be aware that code has been downloaded and executed. Some Web-related programming languages, most notably JAVA, have built-in security features, but security experts are concerned about the adequacy of these features.

The future Internet environment is likely to be increasingly dependent on an agent-based model of computing, with significant implications for Internet security. The conceptual model of agent operation is that an intelligent agent, at the request of a user, goes to one or more remote hosts to perform a computation or gather information and then returns to the user with the result. An agent's mode of operation may range from partially to fully autonomous, and the degree to which an agent is autonomous may vary too.

A future agent-based computing environment may include features such as these:

• Agents share information and cooperate to complete the user's task.

• Agents protect themselves with intrinsic security mechanisms but also depend on
some measure of extrinsic security provided by the infrastructure and cooperating agents.

• Since most of an agent's activity takes place outside the user's domain of administrative control, the traditional firewall has little to contribute to security.

• Replication and agent diversity provide increased survivability while under attack and under conditions of degraded or uncertain infrastructure support.

• Agents communicate to enhance the detection of threats. Specialized sensor agents are specifically designed to detect particular types of threats, and groups of diverse sensor agents provide the entire agent "collective" with a comprehensive profile of current threats.

• The agent-supported infrastructure protects itself and takes defensive action without user intervention.