Randomly roving agents for intrusion detection

Authors:
Ira S. Moskowitz;Myong H. Kang;LiWu Chang;Garth E. Longdon
Affiliations:
Information Technology Division, Mail Code 5540, Center for High Assurance Computer Systems, Naval Research Laboratory, Washington, D.C.;Mitretek Systems, 7525 Colshire Dr., McLean, VA;Information Technology Division, Mail Code 5540, Center for High Assurance Computer Systems, Naval Research Laboratory, Washington, D.C.;ITT Industries, Mail Code 5540, Center for High Assurance Computer Systems, Naval Research Laboratory, Washington, D.C.
Venue:
Das'01 Proceedings of the fifteenth annual working conference on Database and application security
Year:
2001

Citing 2
Cited 0

How to share a secret

Communications of the ACM
Intrusion detection using autonomous agents

Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Agent based intrusion detection systems (IDS) have advantages such as scalability, reconfigurability, and survivability. In this paper, we introduce a mobile-agent based IDS, called ABIDE (Agent Based Intrusion Detection Environment). ABIDE is comprised of various types of agents, all of which are mobile, lightweight, and specialized. The most common form of agent is the DMA (Data Mining Agent), which randomly moves around the network and collects information. The DMA then relays the information it has gathered to a DFA (Data Fusion Agent) which assesses the likelihood of intrusion. As we show in this paper, there is a quantifiable relationship between the number of DMA and the probability of detecting an intrusion. We study this relationship and its implications.