An intrusion detection system (IDS) framework using mobile agents is a layered mechanism designed to support heterogeneous network environments and to identify intruders as effectively as possible. Traditional computer misuse detection techniques can identify known attacks efficiently, but perform very poorly in other cases. Anomaly detection has the potential to detect unknown attacks; however, it is a very challenging task, since its aim is to detect unknown attacks without any a priori knowledge about specific intrusions. This technology is still at an early stage. The objective of this paper is a system that can detect anomalous user activity. Existing research in this area focuses either on user activity or on program operation, but not on both simultaneously. In this paper, an attempt to look at both concurrently is presented. Based on an intrusion detection framework [1], a novel user anomaly detection system has been implemented, and several intrusion detection experiments have been conducted in a simulated environment by analyzing user activity and program operation activities. The proposed framework is layered, is designed to satisfy the core purpose of an IDS, and allows intrusions to be detected as quickly as possible with the available data using mobile agents. It was mainly designed to provide security for the network, using mobile agent mechanisms to add mobility features for monitoring user processes from different computational systems. The experimental results have shown that the system can detect anomalous user activity effectively.
[1] Salvatore J. Stolfo, et al. A framework for constructing features and models for intrusion detection systems. TSEC, 2000.
[2] Barak A. Pearlmutter, et al. Detecting intrusions using system calls: alternative data models. Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344), 1999.
[3] Yan Zhang, et al. A safe mobile agent system for distributed intrusion detection. Proceedings of the 2003 International Conference on Machine Learning and Cybernetics (IEEE Cat. No.03EX693), 2003.
[4] Edson dos Santos Moreira, et al. Implementation of an intrusion detection system based on mobile agents. 2000 Proceedings International Symposium on Software Engineering for Parallel and Distributed Systems, 2000.
[5] Ray Hunt, et al. Intrusion detection techniques and approaches. Comput. Commun., 2002.
[6] Daniel J. Ragsdale, et al. A hybrid approach to the profile creation and intrusion detection. Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01, 2001.
[7] Yuxin Ding, et al. Host-based intrusion detection using dynamic and static behavioral models. Pattern Recognit., 2003.
[8] Won Suk Lee, et al. An anomaly intrusion detection method by clustering normal user behavior. Comput. Secur., 2003.
[9] Wayne A. Jansen, et al. Intrusion detection with mobile agents. Comput. Commun., 2002.