Some applications of the technology of mobile agent (MA) in intrusion detection system (IDS) have been developed. MA technology can bring IDS flexibility and enhanced distributed detection ability. However, the security of mobile agents and methods of collaboration among mobile agents are important problems cared by many researchers. For that, we designed a security mobile agent system for distributed intrusion detection and implemented a prototype. In this paper, we firstly analyze the shortcomings of current IDSs and discuss the state of the art for applying MA technology in IDS. Then we present our MA-IDS architecture and detail methods of local intrusion detection and distributed intrusion detection. The structure and security architecture of MAs are expatriated emphatically in Section 3. Finally we demonstrate the advantages of our MA-IDS architecture and our future research contents.
[1]
Mehdi Jazayeri,et al.
Gypsy: a component-based mobile agent system
,
2000,
Proceedings 8th Euromicro Workshop on Parallel and Distributed Processing.
[2]
M. Asaka,et al.
A method of tracing intruders by use of mobile agents
,
1999
.
[3]
Salvatore J. Stolfo,et al.
A data mining framework for building intrusion detection models
,
1999,
Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).
[4]
Peter Mell,et al.
Mobile Agent Attack Resistant Distributed Hierarchical Intrusion Detection Systems
,
1999,
Recent Advances in Intrusion Detection.