Signature-based Multi-Layer Distributed Intrusion Detection System using Mobile Agents

The Internet and computer networks are exposed to an increasing number of security threats. With new types of attacks appearing continually, developing flexible and adaptive security-oriented approaches is a serious challenge. Intrusion detection systems (IDSs) are systems that try to detect attacks as they occur or after they have taken place. IDSs collect network traffic information from some point on the network or computer system and then use this information to secure the network. In this context, signature-based network intrusion detection techniques are a valuable technology for protecting target systems and networks against malicious activity. Signature-based detection is the most widely used threat detection technique for IDSs. One of the foremost challenges for signature-based IDSs is keeping up with a large volume of incoming traffic when each packet must be compared with every signature in the database. When an IDS cannot keep up with the traffic flood, all it can do is drop packets, and it may therefore miss potential attacks. This paper proposes a new model called Signature-based Multi-Layer IDS using mobile agents, which can detect imminent threats with an extremely high success rate by dynamically and automatically creating and using multiple small and efficient databases, while at the same time providing a mechanism to update these small signature databases at regular intervals using mobile agents.
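The following is an added illustration of the multi-layer idea described in the abstract, written for this page and not taken from the paper. The abstract does not say how the small databases are built, so the example assumes one plausible policy: a small first-layer database is rebuilt at intervals from the signatures matched most often, the full database is consulted only when the first layer misses, and an "agent update" merges newly delivered signatures into the full database. Signatures and packets are constructed toy byte strings matched by substring search, so that the reduction in per-packet comparisons can be measured.

```python
"""Two-layer signature lookup with a hit-frequency-driven small database.

Added example, not the paper's code. Assumptions: layer 1 is a small
subset of the full signature database chosen by match frequency; layer 2
is the full database; new signatures arrive via an (abstracted) agent
update. All signatures and packets below are constructed toy data.
"""
from collections import Counter


class MultiLayerSignatureIDS:
    def __init__(self, signatures, hot_size=2):
        self.full_db = dict(signatures)   # layer 2: sig_id -> byte pattern
        self.hot_db = {}                  # layer 1: small frequently-hit subset
        self.hot_size = hot_size
        self.hits = Counter()             # per-signature match counts
        self.layer1_matches = 0
        self.layer2_matches = 0
        self.comparisons = 0              # total signature comparisons made

    def _scan(self, db, payload):
        """Linear scan of one database; returns the first matching sig_id."""
        for sig_id, pattern in db.items():
            self.comparisons += 1
            if pattern in payload:
                return sig_id
        return None

    def inspect(self, payload):
        """Check layer 1 first, then the remainder of the full database."""
        sig = self._scan(self.hot_db, payload)
        if sig is not None:
            self.layer1_matches += 1
        else:
            rest = {k: v for k, v in self.full_db.items() if k not in self.hot_db}
            sig = self._scan(rest, payload)
            if sig is not None:
                self.layer2_matches += 1
        if sig is not None:
            self.hits[sig] += 1
        return sig

    def rebuild_hot_db(self):
        """Promote the most frequently matched signatures into layer 1."""
        top = [sig_id for sig_id, _ in self.hits.most_common(self.hot_size)]
        self.hot_db = {sig_id: self.full_db[sig_id] for sig_id in top}
        return list(self.hot_db)

    def agent_update(self, new_signatures):
        """Merge signatures delivered by an update agent into the full database."""
        added = 0
        for sig_id, pattern in new_signatures.items():
            if sig_id not in self.full_db:
                self.full_db[sig_id] = pattern
                added += 1
        return added


# Constructed toy signatures; the frequently hit one is deliberately last in
# the full database so a single-layer linear scan reaches it late.
SIGNATURES = {
    "SQLI-1": b"SELECT * FROM",
    "NOP-SLED": b"\x90\x90\x90\x90",
    "TRAVERSAL": b"../../etc/passwd",
    "PHF-PROBE": b"/cgi-bin/phf",
}

# Constructed sample traffic: the PHF probe repeats, one SQL string, two benign.
TRAFFIC = [
    b"GET /index.html",
    b"GET /cgi-bin/phf?q=x",
    b"GET /cgi-bin/phf?q=y",
    b"POST data=SELECT * FROM users",
    b"GET /cgi-bin/phf?q=z",
    b"ping",
]


def count_comparisons(ids, packets):
    """Run a batch through the IDS and return comparisons used for it."""
    ids.comparisons = 0
    for p in packets:
        ids.inspect(p)
    return ids.comparisons


def run_demo():
    """Same traffic before and after building a one-entry first layer."""
    ids = MultiLayerSignatureIDS(SIGNATURES, hot_size=1)
    single_layer = count_comparisons(ids, TRAFFIC)   # hot_db empty: full scan
    hot = ids.rebuild_hot_db()                        # learn from observed hits
    two_layer = count_comparisons(ids, TRAFFIC)
    return {
        "hot_db": hot,
        "comparisons_single_layer": single_layer,
        "comparisons_two_layer": two_layer,
        "layer1_matches": ids.layer1_matches,
    }


if __name__ == "__main__":
    print(run_demo())
```

On this constructed traffic the first pass costs 21 comparisons and the second, with the PHF signature promoted into the one-entry first layer, costs 13, because repeated hits are resolved by the small layer without touching the rest of the database. Benign packets still pay the full cost, which is the point a defender should watch: a first layer only helps when traffic is skewed toward a few signatures, and its contents must be rebuilt as the mix changes.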
