MA-IDS Architecture for Distributed Intrusion Detection using Mobile Agent

Distributed intrusion detection systems (IDS) have many advantages, such as scalability, subversion resistance, and graceful service degradation. However, there are some impediments to implementing them. Mobile agent (MA) technology has many features that suit the implementation of distributed IDS. In this paper, we propose a novel architecture, MA-IDS, which uses MA technology for distributed IDS. MA-IDS employs MA technology to process information from each monitored host in a coordinated way, and then completes global information extraction of intruder actions. A prototype of a mobile agent-based distributed intrusion detection system following MA-IDS has been developed. The system also introduces an uncertainty factor into the intrusion decision, which accords with the objective reality that human behavior is changeable. We demonstrate the advantages and the potential of MA-IDS through the results of an evaluation.
