Distributed intrusion detection system using sensor based mobile agent technology

Signature-based Multi-Layer Distributed Intrusion Detection System using Mobile Agents

The Internet and computer networks are exposed to an increasing number of security threats. With new types of attacks appearing continually, developing flexible and adaptive security-oriented approaches is a severe challenge. Intrusion detection systems (IDSs) are systems that try to detect attacks as they occur or after the attacks took place. IDSs collect network traffic information from some point on the network or computer system and then use this information to secure the network. In this context, signature-based network intrusion detection techniques are a valuable technology to protect target systems and networks against malicious activities. Signature-based detection is the most extensively used threat detection technique for IDSs. One of the foremost challenges for signature-based IDSs is how to keep up with the large volume of incoming traffic when each packet needs to be compared with every signature in the database. When an IDS cannot keep up with the traffic flood, all it can do is to drop packets, and it may therefore miss potential attacks. This paper proposes a new model called Signature-based Multi-Layer IDS using mobile agents, which can detect imminent threats with extremely high success rate by dynamically and automatically creating and using small and efficient multiple databases, and at the same time, provide a mechanism to update these small signature databases at regular intervals using mobile agents.

Dynamic Multi Layer Signature Based Intrusion Detection System Using Mobile Agents

Arxiv preprint arXiv:1010.5036, 2010

Intrusion detection systems have become a key component in ensuring the safety of systems and networks. As networks grow in size and speed continues to increase, it is crucial that efficient scalable techniques should be developed for IDS systems. Signature based detection is the most extensively used threat detection technique for Intrusion Detection Systems (IDS). One of the foremost challenges for signature based IDS systems is how to keep up with large volume of incoming traffic when each packet needs to be compared with every signature in the database. When an IDS cannot keep up with the traffic flood, all it can do is to drop packets, therefore, may miss potential attacks. This paper proposes a new model called Dynamic Multi-Layer Signature based IDS using Mobile Agents, which can detect imminent threats with very high success rate by dynamically and automatically creating and using small and efficient multiple databases, and at the same time, provide mechanism to update these small signature databases at regular intervals using Mobile Agents.

IJERT-Intrusion Detection System Using Mobile Agent Technology

International Journal of Engineering Research and Technology (IJERT), 2013

https://www.ijert.org/intrusion-detection-system-using-mobile-agent-technology https://www.ijert.org/research/intrusion-detection-system-using-mobile-agent-technology-IJERTV2IS120630.pdf

The Internet and computer networks are exposed to an increasing number of security threats. With new types of attacks appearing continually, developing flexible and adaptive security-oriented approaches is a severe challenge. Intrusion detection systems (IDSs) are systems that try to detect attacks as they occur or after the attacks took place. IDSs collect network traffic information from some point on the network or computer system and then use this information to secure the network. In this context, signature-based network intrusion detection techniques are a valuable technology to protect target systems and networks against malicious activities. Signature-based detection is the most extensively used threat detection technique for IDSs. One of the foremost challenges for signature-based IDSs is how to keep up with the large volume of incoming traffic when each packet needs to be compared with every signature in the database. When an IDS cannot keep up with the traffic flood, all it can do is to drop packets, and it may therefore miss potential attacks. This paper proposes a new model called Signature-based Multi-Layer IDS using mobile agents, which can detect imminent threats with extremely high success rate by dynamically and automatically creating and using small and efficient multiple databases, and at the same time, provide a mechanism to update these small signature databases at regular intervals using mobile agents.

Algorithm to Detect Intrusions using Multi Layer Signature Based Model

Algorithm to Detect Intrusions using Multi Layer Signature Based Model, 2012

The Internet and computer networks are exposed to an increasing number of security threats. With new types of attacks appearing continually, developing flexible and adaptive security-oriented approaches is a severe challenge. In recent years, intrusion detection systems (IDS) have been developed as a new approach to defend networking systems, which properly combines the firewall technique with intrusion detection. These systems try to detect attacks as they occur or after the attacks took place. IDSs collect network traffic information from some point on the network or computer system and then use this information to secure the network. In this context, signature-based network intrusion detection techniques are a valuable technology to protect target systems and networks against malicious activities. Signature-based detection is the most extensively used threat detection technique for Intrusion Detection Systems (IDS). One of the foremost challenges for signature-based IDS systems is how to keep up with the large volume of incoming traffic when each packet needs to be compared with every signature in the database. When an IDS cannot keep up with the traffic flood, all it can do is to drop packets, and it may therefore miss potential attacks. This paper proposes a new model called Dynamic Multi-Layer Signature based IDS using Mobile Agents, which can detect imminent threats with very high success rate by dynamically and automatically creating and using small and efficient multiple databases, and at the same time, provide a mechanism to update these small signature databases at regular intervals using Mobile Agents.

Distributed Intrusion Detection System Using Mobile Agent

2015

The goal of a Distributed Intrusion Detection System is to analyze events on the network and identify attacks. The increasing number of network security related incidents makes it necessary for organizations to actively protect their sensitive data with the installation of intrusion detection systems (IDS). It is difficult to find intrusions in a distributed network segment, from inside as well as from outside the network. An intrusion detection system studies a very large amount of data in a network. An intrusion detection system also checks that significant additional load is not placed on the system or on the network being monitored. The centralized intrusion detection system has certain drawbacks, which later led to the idea of the mobile agent. There is no central point of failure because there is no central station in an agent-based intrusion detection system. Agents can detect malicious activity. After finding malicious activity in a network, predefined actions were take...

Mobile Agents in Intrusion Detection System: Review and Analysis

Modern Applied Science, 2011

Intrusion Detection System (IDS) is used to detect intrusion and then alert the system administrator about the intrusion. This is what traditional IDS is all about. It is then up to the system administrator to deal with the intrusion. Human intervention is still needed when it comes to dealing with intrusion. This is because traditional IDS could only detect the intrusion but could not, on its own respond towards the intrusion. IDS is only able to alert the system administrator when it detects an intrusion. How and when the intrusion is dealt with is up to the system administrator. Human intervention when dealing with intrusion is not a problem if the person assigned to that task is always reliable. Therefore, this paper analyzes the evolution of IDS and how mobile agents such as SNORT could increase the integrity of traditional systems without human intervention.

Distributed and scalable intrusion detection system based on agents and intelligent techniques

2010

Abstract—The Internet explosion and the increase in crucial web applications such as e-banking and e-commerce make essential the need for network security tools. One such tool is an intrusion detection system, which can be classified based on detection approaches as being signature-based or anomaly-based. Even though intrusion detection systems are well defined, their cooperation with each other to detect attacks needs to be addressed.

Automated Signature Creator for a Signature Based Intrusion Detection System with Network Attack Detection Capabilities

A Signature-based Intrusion Detection System (IDS) helps in maintaining the integrity of data in a network controlled environment. Unfortunately, this type of IDS depends on predetermined intrusion patterns that are manually created. If the signature database of the Signature-based IDS is not updated, network attacks just pass through this type of IDS without being noticed. To avoid this, an Anomaly-based IDS is used in order to countercheck whether network traffic that is not detected by the Signature-based IDS is truly malicious traffic or not. In doing so, the Anomaly-based IDS might come up with a number of logs containing numerous network attacks which could possibly be false positives. This is the reason why the Anomaly-based IDS is not perfect: it would readily alarm the system that network traffic is an attack just because it is not on its baseline. In order to resolve the problem between these two IDSs, the goal is to correlate data between the logs of the Anomaly-based IDS and the packet that has been captured in order to determine whether network traffic is really malicious or not. With the supervision of a security expert, the malicious network traffic would be verified as malicious. Using machine learning, the researchers can identify which algorithm is better than the other algorithms in classifying whether certain network traffic is really malicious. Upon doing so, the creation of signatures would follow by basing the automated creation of signatures on the detected malicious traffic.

A survey on anomaly and signature based intrusion detection system (IDS)

Security is considered one of the most critical parameters for the acceptance of any networking technology. Information in transit must be protected from unauthorized release and modification, and the connection itself must be established and maintained securely. Malicious users have taken advantage of this to achieve financial gain or accomplish some corporate or personal agenda. Denial of Service (DoS) and distributed DoS (DDoS) attacks are evolving continuously. These attacks make network resources unavailable for legitimate users, which results in massive loss of data, resources and money. A combination of Intrusion Detection System and Firewall is used by business organizations to detect and prevent these attacks on the organizations' networks. Signatures to detect them are not available. This paper presents a light-weight mechanism to detect novel DoS/DDoS (Resource Consumption) attacks and an automatic signature generation process to represent them in real time. Experimental results are provided to support the proposed mechanism.

An Efficient Flow-based Distributed Intrusion Detection System Using Mobile Agents

International Journal of Electrical and Computer Engineering (IJECE), 2013

In the recent decade, computer networks have grown in popularity. So, network security measures become highly critical to protect networks against different kinds of cyber attacks. One of the security measures is using an intrusion detection system (IDS). An IDS aims to detect behaviors that compromise network integrity, availability and confidentiality, by continuously capturing and analyzing events occurring in the network. A challenging problem for current IDSs is that their performance decreases in today's high speed and large scale networks. A centralized IDS cannot process such a high volume of data and there is a high possibility that it discards some attacks. In this paper we propose a flow-based distributed IDS using mobile agents (MA), which performs both data capturing and data analyzing in a distributed fashion. Our distributed IDS provides a framework for deployment of a scalable and high performance IDS, in which, by using a grouping mechanism and the help of mobile agents, effective collaboration can be established between all network members. We simulated our method in NS2. Then we compared our proposed system with general network-based IDS and distributed IDS. Experimental results showed its superiority using several metrics of network load, detection rate and flow loss rate.