The Internet is now widely used, and many users are required to manage their own network environments, because damage caused by worms, which spread by exploiting security holes in software, is increasing rapidly. One effective means of detecting worm damage at an early stage is to analyze the network communication logs stored on computers spread over a wide area. However, although a large number of observation points over a wide area of a network are needed to grasp the symptoms of attacks precisely, almost no network administrator is able to install many observation points. In this paper, we propose an agent-based log analysis system that integrates the concepts of P2P networks and mobile agents to detect, and protect against, the damage that worms may cause at an early stage. We also show the results of experiments using our prototype system. The results show that our system can collect useful information from a wide area of a network and provides a means of flexible, on-demand analysis of network traffic logs to detect hostile attacks on the network.