A Distributed Intrusion Detection Prototype using Security Agents

Intrusion Detection is the problem of identifying unauthorized use, misuse, and abuse of computer systems by both system insiders and external intruders. Intrusion Detection Systems provide in-depth packet analysis and application awareness and can be deployed to discover network attacks. In this setting, a system that provides intelligence about the traffic on the network is necessary. This paper describes a prototype for Distributed Intrusion Detection designed for a large-scale network environment, in order to monitor multiple hosts connected via a network as well as the network itself. The design and implementation of our Distributed Intrusion Detection prototype rely on Security Agents, which monitor network traffic and report intrusion alerts to a central management node. The Intrusion Detection Prototype comprises sensor and management elements. Distributed operation is handled through the introduction of multiple sensors and the use of Security Agents that are responsible for incident reporting and message propagation control.
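The sensor/management split described above, written out as an added example; this is not code from the paper or its prototype. It assumes a simple detection rule (one source contacting many distinct ports within a sliding window), a hold-down timer on each Security Agent as the form of message propagation control, and a management node that escalates to an incident only when independent sensors report the same source. Sensor names, addresses and the traffic records are constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample connection records per sensor: (timestamp, src_ip, dst_ip, dst_port).
# Sensor names and address ranges are assumptions made for this example.
SAMPLE_TRAFFIC = {
    "sensor-A": [
        (0.0, "203.0.113.9", "10.0.1.5", 22),
        (0.5, "203.0.113.9", "10.0.1.5", 23),
        (1.0, "203.0.113.9", "10.0.1.5", 25),
        (1.5, "203.0.113.9", "10.0.1.5", 80),
        (2.0, "203.0.113.9", "10.0.1.5", 443),
        (2.5, "203.0.113.9", "10.0.1.5", 8080),
        (3.0, "10.0.1.7", "10.0.1.5", 443),      # ordinary internal traffic
    ],
    "sensor-B": [
        (0.2, "203.0.113.9", "10.0.2.10", 21),
        (0.7, "203.0.113.9", "10.0.2.10", 22),
        (1.2, "203.0.113.9", "10.0.2.10", 23),
        (1.7, "203.0.113.9", "10.0.2.10", 80),
        (2.2, "203.0.113.9", "10.0.2.10", 443),
        (2.7, "203.0.113.9", "10.0.2.10", 3389),
        (4.0, "198.51.100.4", "10.0.2.10", 80),  # single connection, no alert
    ],
}


@dataclass
class Alert:
    sensor: str
    rule: str
    src_ip: str
    first_seen: float
    count: int = 1   # repeats folded into this one message by the agent


class SecurityAgent:
    """Sensor-side agent: detects locally, then limits what it forwards."""

    def __init__(self, name, port_threshold=5, window=5.0, holddown=60.0):
        self.name = name
        self.port_threshold = port_threshold   # distinct ports that trigger the rule
        self.window = window                   # seconds of history kept per source
        self.holddown = holddown               # seconds before the same alert is re-sent
        self._history = defaultdict(list)      # src_ip -> [(ts, dst_port)]
        self._last_alert = {}                  # (rule, src_ip) -> Alert already queued
        self.outbox = []                       # alerts to forward to the management node

    def observe(self, ts, src, dst, port):
        hist = self._history[src]
        hist.append((ts, port))
        # Keep only the sliding window, then evaluate the rule on it.
        self._history[src] = hist = [(t, p) for t, p in hist if ts - t <= self.window]
        if len({p for _, p in hist}) >= self.port_threshold:
            self._emit(ts, "port-scan", src)

    def _emit(self, ts, rule, src):
        key = (rule, src)
        prev = self._last_alert.get(key)
        if prev is not None and ts - prev.first_seen < self.holddown:
            # Propagation control: within the hold-down window, count instead of forward.
            prev.count += 1
            return
        alert = Alert(self.name, rule, src, ts)
        self._last_alert[key] = alert
        self.outbox.append(alert)


class ManagementNode:
    """Central node: correlates alerts across sensors and records incidents."""

    def __init__(self, min_sensors=2):
        self.min_sensors = min_sensors
        self._reporters = defaultdict(set)     # (rule, src_ip) -> sensors that reported it
        self._escalated = set()
        self.incidents = []

    def receive(self, alert):
        key = (alert.rule, alert.src_ip)
        self._reporters[key].add(alert.sensor)
        if len(self._reporters[key]) >= self.min_sensors and key not in self._escalated:
            self._escalated.add(key)
            self.incidents.append({"rule": alert.rule, "src_ip": alert.src_ip,
                                   "sensors": sorted(self._reporters[key])})


def run_prototype(traffic):
    """Run every sensor over its own records, then forward the outboxes to the manager."""
    manager = ManagementNode()
    alerts = []
    for sensor_name, records in traffic.items():
        agent = SecurityAgent(sensor_name)
        for record in sorted(records):
            agent.observe(*record)
        for alert in agent.outbox:
            manager.receive(alert)
        alerts.extend(agent.outbox)
    return {"alerts": alerts, "incidents": manager.incidents}


if __name__ == "__main__":
    result = run_prototype(SAMPLE_TRAFFIC)
    for a in result["alerts"]:
        print(f"{a.sensor}: {a.rule} from {a.src_ip} (x{a.count})")
    for inc in result["incidents"]:
        print("incident:", inc)
```

Each agent sends a single port-scan alert per source and folds the repeat trigger into its count, so the management node sees two messages rather than four; because both sensors report the same source, the manager records one incident.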