Immunity-Based Approaches for Self-Monitoring in Distributed Intrusion Detection System

In distributed intrusion detection systems, self-monitoring is a difficult problem. One possibility is for each intrusion detection system to be checked periodically by the others. In our previous research on self-monitoring, we proposed mutual tests between intrusion detection systems and mobile agents using an immunity-based diagnosis. However, we have not clarified the advantages and disadvantages of using mobile agents. In this paper, we compare the approach using mobile agents with the approach using host-to-host communication. Some simulation results show that, in comparison with host-to-host communication, mobile agents need twice as much time to detect corrupted intrusion detection systems, whereas a smaller number of mobile agents can identify them correctly.
