Modern Intrusion Detection Systems (IDSs) are distributed real-time systems that detect unauthorized use or attacks upon an organization's network and/or hosts. The components of most distributed IDSs are arranged in a hierarchical tree structure, where the sensor nodes pass information to the analyzer nodes. Optimal placement of the analyzer nodes results in an improved response time for the IDS, and isolation of attacks within the IDS network. Since the network topology and workload are constantly changing, we are able to maintain near-optimal placement of the analyzer nodes by instantiating them as mobile agents. The analyzer nodes may then relocate, reproduce or be deleted as necessary. Such flexibility improves the response times and the stability of an IDS. The movement of the analyzer nodes also offers some protection against denial-of-service attacks, since secure analyzer nodes will be relocated to take over some of the functionality of the host under attack.