A Flow-based Distributed Intrusion Detection System Using Mobile Agents

In recent decades, computer networks have grown in popularity, so network security measures have become highly critical for protecting networks against different kinds of cyber attacks. One such measure is the intrusion detection system (IDS). An IDS aims to detect behaviors that compromise network integrity, availability and confidentiality by continuously capturing and analyzing events occurring in the network. A challenging problem for current IDSs is that their performance decreases in today's high-speed, large-scale networks: a centralized IDS cannot process such a high volume of data, so there is a high probability that it discards some attacks. In this paper we propose a flow-based distributed IDS using mobile agents (MA), which performs both data capturing and data analysis in a distributed fashion. Our distributed IDS provides a framework for deploying a scalable, high-performance IDS in which, by using a grouping mechanism together with mobile agents, effective collaboration can be established between all network members. We simulated our method in NS2 and compared the proposed system with a general network-based IDS and a distributed IDS. Experimental results showed its superiority on several metrics: network load, detection rate and flow loss rate.

DOI: http://dx.doi.org/10.11591/ijece.v3i6.3936
