Optimizing the Scalability of Network Intrusion Detection Systems Using Mobile Agents

Authors:
Donald G. Marks;Peter Mell;Michael Stinson
Affiliations:
Department of Mathematical and Computer Sciences, University of Tulsa, Tulsa, Oklahoma/ donald-marks@utulsa.edu;National Institute of Standards and Technology, Gaithersburg, Maryland/ peter.mell@nist.gov;Central Michigan University, Mt. Pleasant, Michigan/ stinson@cmich.edu
Venue:
Journal of Network and Systems Management
Year:
2004

Citing 3
Cited 4

A denial-of-service resistant intrusion detection architecture

Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
A Software Agent Architecture for Network Management: Case Studies and Experience Gained

Journal of Network and Systems Management
An Open Secure Mobile Agent Framework for SystemsManagement

Journal of Network and Systems Management

Minimizing False Positives of a Decision Tree Classifier for Intrusion Detection on the Internet

Journal of Network and Systems Management
Mobile agent based intrusion detection system adopting hidden Markov model

ICCSA'07 Proceedings of the 2007 international conference on Computational science and Its applications - Volume Part II
A hierarchical identity based key management scheme in tactical mobile ad hoc networks

MILCOM'09 Proceedings of the 28th IEEE conference on Military communications
Real-time intrusion detection in ubiquitous networks with a string-based approach

ICCSA'06 Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part IV

Quantified Score

Hi-index	0.00

Visualization

Abstract

Modern Intrusion Detection Systems (IDSs) are distributed real-time systems that detect unauthorized use or attacks upon an organization's network and/or hosts. The components of most distributed IDSs are arranged in a hierarchical tree structure, where the sensor nodes pass information to the analyzer nodes. Optimal placement of the analyzer nodes results in an improved response time for the IDS, and isolation of attacks within the IDS network. Since the network topology and workload are constantly changing, we are able to maintain near-optimal placement of the analyzer nodes by instantiating them as mobile agents. The analyzer nodes may then relocate, reproduce or be deleted as necessary. Such flexibility improves the response times and the stability of an IDS. The movement of the analyzer nodes also offers some protection against denial-of-service attacks, since secure analyzer nodes will be relocated to take over some of the functionality of the host under attack.