A P2P intrusion detection system based on mobile agents

Traditional intrusion detection systems have a central coordinator with a static hierarchical architecture. We propose a peer-to-peer intrusion detection system that has no central coordinator. Our approach is like that of a "neighborhood watch": a virtual neighborhood is created in which neighbors take on the task of looking out for each other. When an intrusion occurs, the neighbors observe it, inform the other residents, and collectively take action. We use cooperating mobile agents for intrusion detection. Each site periodically sends mobile agents to visit and check up on its neighbors and report back. When inconsistent or anomalous behavior is observed, the observing neighbor initiates a voting process to take action against the compromised site.
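
The patrol-and-vote cycle described above can be sketched as a small simulation; this is an added example, not code from the paper. Assumptions not stated in the abstract: an agent's check is a digest comparison over monitored files, the neighborhood is fully connected, the vote passes on a strict majority, and the action taken is isolation of the suspect.

```python
import hashlib
from dataclasses import dataclass, field

def digest(files):
    """Fingerprint of a site's monitored state (assumed stand-in for the agent's check)."""
    h = hashlib.sha256()
    for name in sorted(files):
        h.update(name.encode() + b"\0" + files[name] + b"\0")
    return h.hexdigest()

@dataclass(eq=False)
class Site:
    name: str
    files: dict
    neighbors: list = field(default_factory=list)
    baseline: dict = field(default_factory=dict)   # neighbor name -> known-good digest
    isolated: set = field(default_factory=set)     # neighbors this site has cut off

    def visit(self, target):
        """Mobile agent: inspect the target and report back True if it looks anomalous."""
        return digest(target.files) != self.baseline[target.name]

def build_neighborhood(sites):
    """Create the virtual neighborhood; each site records a baseline for every neighbor."""
    for s in sites:
        s.neighbors = [n for n in sites if n is not s]
        s.baseline = {n.name: digest(n.files) for n in s.neighbors}

def patrol(observer):
    """One periodic round: visit each neighbor and call a vote on any anomaly."""
    actions = []
    for suspect in observer.neighbors:
        if suspect.name in observer.isolated or not observer.visit(suspect):
            continue
        voters = [v for v in observer.neighbors if v is not suspect]
        # Each voter sends its own agent instead of trusting the observer's claim.
        yes = 1 + sum(v.visit(suspect) for v in voters)
        if yes * 2 > len(voters) + 1:              # assumed rule: strict majority
            for v in [observer] + voters:
                v.isolated.add(suspect.name)
            actions.append((suspect.name, yes, len(voters) + 1))
    return actions

def demo():
    """Constructed scenario: four sites, then site C's login binary is tampered with."""
    sites = [Site(n, {"/etc/passwd": b"root:x:0:0", "/bin/login": b"ELF-v1"}) for n in "ABCD"]
    build_neighborhood(sites)
    sites[2].files["/bin/login"] = b"ELF-trojaned"
    return patrol(sites[0]), sites
```

Because every voter checks the suspect independently, a single observer with a corrupted baseline cannot get a healthy neighbor isolated on its own.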