A distributed intrusion detection prototype using security agents (original) (raw)

An Architecture of a Distributed Intrusion Detection System Using Cooperating Agents

Proceedings of the International Conference on Computing and Informatics (ICOCI ’06), pp. 1-6. Computer and Security Track, June 6-8, 2006, Kuala Lumpur, Malaysia. Paper ID: 007, 2006

An Intrusion Detection System (IDS) is a security mechanism that is expected to monitor and detect intrusions into the computer systems in real time. The currently available intrusion detection systems have a number of problems that limit their configurability, scalability, and efficiency. There have been some propositions about distributed architectures based on multiple independent agents working collectively for intrusion detection. However, these distributed intrusion detection systems are not fully distributed as most of them centrally analyze data collected from distributed nodes resulting in a single point of failure. In this paper, we propose a distributed architecture with autonomous and cooperating agents without any central analysis component. The agents cooperate by using a hierarchical communication of interests and data, and the analysis of intrusion data is made by the agents at the lowest level of the hierarchy. This architecture provides significant advantages in design of an IDS in terms of scalability, flexibility, extensibility, fault tolerance, and resistance to compromise. We have developed a proof-of-concept prototype, and conducted experiments on the system. The results show the effectiveness of our system in detecting intrusive activities in any network of workstations.

A Distributed Intrusion Detection System Using Cooperating Agents

Proceedings of the 3rd International Conference on Information Processing (ICIP’09), August 7 – 9, Bangalore, 2009, Editors: L.M. Patnaik and K.R. Venugopal, pp. 559 – 568. , 2009

The current intrusion detection systems have a number of problems that limit their configurability, scalability and efficiency. There have been some propositions about distributed architectures based on multiple independent agents working collectively for intrusion detection. However, these distributed intrusion detection systems are not fully distributed as most of them centrally analyze data collected from distributed nodes which may lead to a single point of failure. In this paper, a distributed intrusion detection architecture is presented that is based on autonomous and cooperating agents without any centralized analysis components. The agents cooperate by using a hierarchical communication of interests and data, and the analysis of intrusion data is made by the agents at the lowest level of the hierarchy. This architecture provides significant advantages in scalability, flexibility, extensibility, fault tolerance, and resistance to compromise. A proof-of-concept prototype is developed and experiments have been conducted on it. The results show the effectiveness of the system in detecting intrusive activities.

An Architectural Framework for Distributed Intrusion Detection using Smart Agents

2004

Intrusion Detection Systems (IDS) have been developed to solve the problem of detecting the attacks on several network systems. In small-scale networks a single IDS is sufficient to detect attacks but this is inadequate in large-scale networks, where the number of packets across the network is enormous. In this paper, we present an Architectural Framework considering the large-scale network environment. We designed and implemented a Distributed Intrusion Detection system that relies on Smart Agents which monitor network traffic and report intrusion alerts to a central management node. Distribution is handled through the introduction of multiple sensors and the use of Smart Agents who are responsible for reporting and rate limiting of messages. Finally, we extended the IDMEF (Intrusion Detection Message Exchange Format) data model to support digital signatures and to strengthen the authentication of the system.

An adaptive distributed Intrusion detection system architecture using multi agents

International Journal of Electrical and Computer Engineering (IJECE), 2019

Intrusion detection systems are used for monitoring the network data, analyze them and find the intrusions if any. The major issues with these systems are the time taken for analysis, transfer of bulk data from one part of the network to another, high false positives and adaptability to the future threats. These issues are addressed here by devising a framework for intrusion detection. Here, various types of co-operating agents are distributed in the network for monitoring, analyzing, detecting and reporting. Analysis and detection agents are the mobile agents which are the primary detection modules for detecting intrusions. Their mobility eliminates the transfer of bulk data for processing. An algorithm named territory is proposed to avoid interference of one analysis agent with another one. A communication layout of the analysis and detection module with other modules is depicted. The inter-agent communication reduces the false positives significantly. It also facilitates the iden...

An Agent-Based Intrusion Detection System for Local Area Networks

International Journal of Communication Networks and Information Security (IJCNIS), Vol 2, No 2, pp. 128 – 140, August 2010, 2010

Since it is impossible to predict and identify all the vulnerabilities of a network beforehand, and penetration into a system by malicious intruders cannot always be prevented, intrusion detection systems (IDSs) are essential entities to ensure the security of a networked system. To be effective in carrying out their functions, the IDSs need to be accurate, adaptive, and extensible. Given these stringent requirements and the high level of vulnerabilities of the current days’ networks, the design of an IDS has become a very challenging task. Although, an extensive research has been done on intrusion detection in a distributed environment, distributed IDSs suffer from a number of drawbacks e.g., high rates of false positives, low detection efficiency etc. In this paper, the design of a distributed IDS is proposed that consists of a group of autonomous and cooperating agents. In addition to its ability to detect attacks, the system is capable of identifying and isolating compromised nodes in the network thereby introducing fault-tolerance in its operations. The experiments conducted on the system have shown that it has a high detection efficiency and low false positives compared to some of the currently existing systems.

Agent-Based Approach for Distributed Intrusion Detection System Design

Computational Science – ICCS 2006, 2006

The aim of this paper is to propose an architecture of distributed Intrusion Detection System (IDS). It is assumed that IDS system will detect and track dissemination and activity of the Internet worms. A general architecture for such a distributed multiagent system is proposed and the tasks, techniques and algorithms to be used are sketched.

Agent-Based Distributed Intrusion Alert System

Lecture Notes in Computer Science, 2004

Intrusion detection for computer systems is a key problem in today's networked society. Current distributed intrusion detection systems (IDSs) are not fully distributed as most of them centrally analyze data collected from distributed nodes resulting in a single point of failure. Increasingly, researchers are focusing on distributed IDSs to circumvent the problems of centralized approaches. A major concern of fully distributed IDSs is the high false positive rates of intrusion alarms which undermine the usability of such systems. We believe that effective distributed IDSs can be designed based on principles of coordinated multiagent systems. We propose an Agent-Based Distributed Intrusion Alert System (ABDIAS) which is fully distributed and provides two capabilities in addition to other functionalities of an IDS: (a) early warning when pre-attack activities are detected, (b) detecting and isolating compromised nodes by trust mechanisms and voting-based peer-level protocols.

Distributed Intrusion Detection System Using Mobile Agent

2015

The goal of Distributed Intrusion Detection System is to analyze events on the network and identify attacks. The increasing number of network security related incidents makes it necessary for organizations to actively protect their sensitive data with the installation of intrusion detection systems (IDS). There is a difficulty to find intrusion in an distributed network segment from inside as well as from outside network. Intrusion detection system studies very huge amount of data in a network. Intrusion detection system also check that load additional significant is not placed in the system and also not placed in network of monitoring. The Centralized intrusion detection system having certain drawbacks which later on comes with the idea of mobile agent. There is no central point of failure because there is no central station in an agent based Intrusion detection system. Agents can detect malicious activity. After finding malicious activity in a network, predefined actions were take...