DIDMA: A Distributed Intrusion Detection System Using Mobile Agents

Authors:
Pradeep Kannadiga;Mohammad Zulkernine
Affiliations:
Queenýs University;Queenýs University
Venue:
SNPD-SAWN '05 Proceedings of the Sixth International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing and First ACIS International Workshop on Self-Assembling Wireless Networks
Year:
2005

Citing 0
Cited 7

Composition of a DIDS by integrating heterogeneous IDSs on grids

Proceedings of the 4th international workshop on Middleware for grid computing
An analysis of distributed sensor data aggregation for network intrusion detection

Microprocessors & Microsystems
Network intrusion detection through Adaptive Sub-Eigenspace Modeling in multiagent systems

ACM Transactions on Autonomous and Adaptive Systems (TAAS)
A Snort-based agent for a JADE multi-agent intrusion detection system

International Journal of Intelligent Information and Database Systems
On distributed intrusion detection systems design for high speed networks

ISPACT'10 Proceedings of the 9th WSEAS international conference on Advances in e-activities, information security and privacy
Detection of DDoS attacks via an artificial immune system-inspired multiobjective evolutionary algorithm

EvoCOMNET'10 Proceedings of the 2010 international conference on Applications of Evolutionary Computation - Volume Part II
Correlation in distributed intrusion detection system using mobile agent

ADCONS'11 Proceedings of the 2011 international conference on Advanced Computing, Networking and Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

The widespread proliferation of Internet connections has made current computer networks more vulnerable to intrusions than before. In network intrusions, there may be multiple computing nodes that are attacked by intruders. The evidences of intrusions have to be gathered from all such attacked nodes. An intruder may move between multiple nodes in the network to conceal the origin of attack, or misuse some compromised hosts to launch the attack on other nodes. To detect such intrusion activities spread over the whole network, we present a new intrusion detection system (IDS) called Distributed Intrusion Detection using Mobile Agents (DIDMA). DIDMA uses a set of software entities called mobile agents that can move from one node to another node within a network, and perform the task of aggregation and correlation of the intrusion related data that it receives from another set of software entities called the static agents. Mobile agents reduce network bandwidth usage by moving data analysis computation to the location of the intrusion data, support heterogeneous plat-forms, and offer a lot of flexibility in creating a distributed IDS. DIDMA utilizes the above-mentioned beneficial features offered by mobile agent technology and addresses some of the issues with centralized IDS models. The detailed architecture and implementation of a prototype of DIDMA are described. It has been tested using some well-known attacks and performances have been com-pared with centralized IDS models.