ABSTRACT
Traditional intrusion detection systems have a central coordinator with a static hierarchical architecture. We propose a peer-to-peer intrusion detection system that has no central coordinator. Our approach resembles a "neighborhood watch": a virtual neighborhood is created in which neighbors take on the task of looking out for each other. When an intrusion occurs, they observe it, inform the residents, and collectively take action. We use cooperating mobile agents for intrusion detection. Each site periodically sends mobile agents to visit and check up on its neighbors and report back. When inconsistent or anomalous behavior is observed, the observer-neighbor initiates a voting process to take action against the compromised site.
- A P2P intrusion detection system based on mobile agents