Distribution IDS Based on Mobile Agent and Snort

This paper provides distributed intrusion detection based on network and host.The system uses Snort as a network for information collection producing MLSI.The mobile agent is used to fusion MLSI to detect intrusion behaviors that can't be detected by traditional intrusion detection system.The functional components of the system are explained.The system uses the mobile,autonomy and other characteristics of mobile agent to overcome the defects of no real-time,limited flexibility and lack of dynamic expansion in existing distributed intrusion detection system.Finally,an example of attack detection doorknob is given.