论文信息 - Optimizing the Scalability of Network Intrusion Detection Systems Using Mobile Agents

Optimizing the Scalability of Network Intrusion Detection Systems Using Mobile Agents

Modern Intrusion Detection Systems (IDSs) are distributed real-time systems that detect unauthorized use or attacks upon an organization's network and/or hosts. The components of most distributed IDSs are arranged in a hierarchical tree structure, where the sensor nodes pass information to the analyzer nodes. Optimal placement of the analyzer nodes results in an improved response time for the IDS, and isolation of attacks within the IDS network. Since the network topology and workload are constantly changing, we are able to maintain near-optimal placement of the analyzer nodes by instantiating them as mobile agents. The analyzer nodes may then relocate, reproduce or be deleted as necessary. Such flexibility improves the response times and the stability of an IDS. The movement of the analyzer nodes also offers some protection against denial-of-service attacks, since secure analyzer nodes will be relocated to take over some of the functionality of the host under attack.

[1] Karl N. Levitt,et al. GrIDS A Graph-Based Intrusion Detection System for Large Networks , 1996 .

[2] T. Karygiannis,et al. MOBILE AGENTS IN INTRUSION DETECTION AND RESPONSE , .

[3] Paolo Bellavista,et al. An Open Secure Mobile Agent Framework for Systems Management , 1999, Journal of Network and Systems Management.

[4] Jacques Labetoulle,et al. A Software Agent Architecture for Network Management: Case Studies and Experience Gained , 2004, Journal of Network and Systems Management.

[5] Ronald L. Rivest,et al. Introduction to Algorithms , 1990 .

[6] Peter Mell,et al. Mobile Agent Attack Resistant Distributed Hierarchical Intrusion Detection Systems , 1999, Recent Advances in Intrusion Detection.

[7] Peter Mell,et al. A denial-of-service resistant intrusion detection architecture , 2000, Comput. Networks.

[8] Eugene H. Spafford,et al. An architecture for intrusion detection using autonomous agents , 1998, Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217).

[9] Tian Jing. Mobile Agent Attack Resistant Distributed Hierarchical Intrusion Detection Systems , 2003 .