DIDMA: a distributed intrusion detection system using mobile agents

The widespread proliferation of Internet connections has made current computer networks more vulnerable to intrusions than before. In network intrusions, there may be multiple computing nodes that are attacked by intruders. The evidence of an intrusion has to be gathered from all such attacked nodes. An intruder may move between multiple nodes in the network to conceal the origin of the attack, or misuse compromised hosts to launch attacks on other nodes. To detect such intrusion activities spread over the whole network, we present a new intrusion detection system (IDS) called distributed intrusion detection using mobile agents (DIDMA). DIDMA uses a set of software entities called mobile agents that can move from one node to another within a network and perform the aggregation and correlation of the intrusion-related data they receive from another set of software entities called static agents. Mobile agents reduce network bandwidth usage by moving the data analysis computation to the location of the intrusion data, support heterogeneous platforms, and offer a lot of flexibility in creating a distributed IDS. DIDMA utilizes these beneficial features of mobile agent technology and addresses some of the issues with centralized IDS models. The detailed architecture and implementation of a prototype of DIDMA are described. It has been tested using some well-known attacks, and its performance has been compared with centralized IDS models.
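As an added illustration (not code from the DIDMA paper or its prototype), the following Python sketch models the aggregation-and-correlation role the abstract assigns to mobile agents: static agents hold per-node alerts, a mobile agent visits each node, analyses the data in place and carries only a compact summary onward, then traces an attack that hopped through compromised hosts back to its origin. The node names, alert records and the byte comparison with a centralized model are constructed assumptions.

```python
import json

# Constructed sample alerts held by the static agent on each node (invented values).
# Node A is probed from an external address; A is then used to brute-force B, and B to brute-force C.
STATIC_AGENT_LOGS = {
    "node-A": [{"t": 100 + i, "src": "10.0.0.9", "dst": "node-A", "sig": "port-scan"} for i in range(20)],
    "node-B": [{"t": 200 + i, "src": "node-A", "dst": "node-B", "sig": "ssh-brute"} for i in range(50)],
    "node-C": [{"t": 300 + i, "src": "node-B", "dst": "node-C", "sig": "ssh-brute"} for i in range(40)],
}

class MobileAgent:
    """Hops from node to node, aggregating locally; only a compact summary travels."""
    def __init__(self, itinerary):
        self.itinerary = itinerary
        self.edges = {}          # (src, dst, sig) -> count, carried between hops
        self.bytes_moved = 0     # size of the agent's state at each migration

    def visit(self, node, log):
        for ev in log:           # analysis runs where the data lives
            key = (ev["src"], ev["dst"], ev["sig"])
            self.edges[key] = self.edges.get(key, 0) + 1
        # state serialised for migration to the next node
        self.bytes_moved += len(json.dumps([[*k, v] for k, v in self.edges.items()]))

    def run(self, logs):
        for node in self.itinerary:
            self.visit(node, logs[node])
        return self.edges

def trace_origin(edges, victim):
    """Follow attack edges backwards from the victim to find where the chain began."""
    chain, seen = [victim], {victim}
    while True:
        prev = [s for (s, d, _) in edges if d == chain[-1] and s not in seen]
        if not prev:
            return chain[::-1]
        chain.append(prev[0])
        seen.add(prev[0])

def run_didma(logs=STATIC_AGENT_LOGS, victim="node-C"):
    """Returns (attack chain from origin to victim, bytes moved by the agent, bytes a central analyser would pull)."""
    agent = MobileAgent(list(logs))
    edges = agent.run(logs)
    # centralized model: every raw alert is shipped to one analyser
    centralized_bytes = sum(len(json.dumps(log)) for log in logs.values())
    return trace_origin(edges, victim), agent.bytes_moved, centralized_bytes

if __name__ == "__main__":
    chain, mobile, central = run_didma()
    print(" -> ".join(chain), f"agent moved {mobile} bytes vs {central} bytes centralized")
```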
