LAMAIDS: A Lightweight Adaptive Mobile Agent-based Intrusion Detection System

Intrusion detection systems (IDS) have become an essential component of a computer security scheme as the number of security-breaking attempts originating inside organizations is increasing steadily. Filtering traffic at the “entrance door” (by firewalls, for instance) is not completely successful, since it does not allow monitoring of local traffic. This paper presents a lightweight and adaptive mobile agent-based intrusion detection system (LAMAIDS) that detects intrusions from outside the network as well as from inside. A main machine, a typical intrusion detection system residing at a secure location, creates mobile IDS agents and dispatches them into the network. The mobile IDS agents are equipped with lightweight IDS and decision-making capabilities. On each hop, the agents sniff the network traffic and look for abnormal activities using a set of rules supplied by the main machine. Simulation results based on real-world scenarios demonstrate significant improvements in terms of detection rate, network overhead, adaptability, scalability, and fault tolerance.
