Preemptive Distributed Intrusion Detection Using Mobile Agents

  • Authors:
  • P. C. Chan;Victor K. Wei

  • Affiliations:
  • -;-

  • Venue:
  • WETICE '02 Proceedings of the 11th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
  • Year:
  • 2002

Quantified Score

Hi-index 0.01

Abstract

Distributed intrusion detection systems have many advantages over their centralized counterparts such as scalability, subversion resistance, and graceful service degradation. However, an important disadvantage is their inability to block packets immediately when an intrusion is detected. To tackle this problem, we propose a network-based preemptive distributed intrusion detection system using mobile agents. Packets are diverted to various types of agents strategically placed over the network. Various agents perform tasks in control, detection, policy, and blocking. Suspect packets are blocked before they reach the destination when an intrusion is detected and the policy verdicts for blockage. Ways to mitigate negative impacts of our system on network traffic and latency are discussed.