IDReAM: intrusion detection and response executed with agent mobility architecture and implementation

This paper presents a new approach to building a completely distributed and decentralized Intrusion Detection and Response System (IDRS) for computer networks. The approach is called Intrusion Detection and Response executed with Agent Mobility, or IDReAM for short. Conceptually, IDReAM combines Mobile Agents (MAs) with self-organizing paradigms inspired by natural life systems. The Intrusion Detection System (IDS) borrows mechanisms from the immune system, which protects the human body against external aggressions. The Intrusion Response System (IRS) borrows mechanisms from the stigmergic paradigm of an ant colony. Both natural systems exhibit a social life through the organization of their entities (immune cells and ants), which is not possible without mobility. MAs are therefore natural candidates to provide this property of mobility. IDReAM's conceptual model was presented in a previous paper; the present paper concretely describes IDReAM's architecture and the corresponding implementation based on that conceptual model. The implementation is carried out with J-Seal2, a pure Java MA platform. This paper also provides an assessment of IDReAM in terms of resource consumption and of intrusion detection and intrusion response efficiency.
