INTELLIGENT AGENTS FOR INTRUSION DETECTION SYSTEM (IAIDS).pdf
Related papers
Distributed intrusion detection system using sensor based mobile agent technology
2013
The Internet and computer networks are exposed to an increasing number of security threats. With new types of attacks appearing continually, developing flexible and adaptive security-oriented approaches is a severe challenge. Intrusion detection systems (IDSs) are systems that try to detect attacks as they occur or after the attacks took place. IDSs collect network traffic information from some point on the network or computer system and then use this information to secure the network. In this context, signature-based network intrusion detection techniques are a valuable technology to protect target systems and networks against malicious activities. Signature-based detection is the most extensively used threat detection technique for IDSs. One of the foremost challenges for signature-based IDSs is how to keep up with the large volume of incoming traffic when each packet needs to be compared with every signature in the database. When an IDS cannot keep up with the traffic flood, all ...
Distributed Intrusion Detection System Using Mobile Agent
2015
The goal of a Distributed Intrusion Detection System is to analyze events on the network and identify attacks. The increasing number of network security related incidents makes it necessary for organizations to actively protect their sensitive data with the installation of intrusion detection systems (IDS). It is difficult to find intrusions in a distributed network segment from inside as well as from outside the network. An intrusion detection system studies a very large amount of data in a network. An intrusion detection system also checks that significant additional load is not placed on the system or on the network being monitored. The centralized intrusion detection system has certain drawbacks, which later led to the idea of the mobile agent. There is no central point of failure because there is no central station in an agent-based intrusion detection system. Agents can detect malicious activity. After finding malicious activity in a network, predefined actions were take...
An Agent-Based Intrusion Detection System for Local Area Networks
International Journal of Communication Networks and Information Security (IJCNIS), Vol 2, No 2, pp. 128–140, August 2010
Since it is impossible to predict and identify all the vulnerabilities of a network beforehand, and penetration into a system by malicious intruders cannot always be prevented, intrusion detection systems (IDSs) are essential entities to ensure the security of a networked system. To be effective in carrying out their functions, the IDSs need to be accurate, adaptive, and extensible. Given these stringent requirements and the high level of vulnerabilities of the current days’ networks, the design of an IDS has become a very challenging task. Although extensive research has been done on intrusion detection in a distributed environment, distributed IDSs suffer from a number of drawbacks, e.g., high rates of false positives, low detection efficiency, etc. In this paper, the design of a distributed IDS is proposed that consists of a group of autonomous and cooperating agents. In addition to its ability to detect attacks, the system is capable of identifying and isolating compromised nodes in the network, thereby introducing fault-tolerance in its operations. The experiments conducted on the system have shown that it has a high detection efficiency and low false positives compared to some of the currently existing systems.
Distributed Intrusion Detection using Mobile Agents
DIDMA (Distributed Intrusion Detection using Mobile Agents) is a novel architecture in the field of IDS (Intrusion Detection Systems), utilizing an agent-based approach in order to realize a distributed framework. The novelty in this architecture is the employment of mobile agents as its auditing components. This novel approach overcomes certain problems associated with traditional designs in IDS. In particular, problematic areas such as high-speed networks, not visible traffic, and fail-open architecture have been successfully managed. Moreover, the fault tolerant decentralized design of DIDMA clearly demonstrated resilience against active attacks.
Using mobile agents for intrusion detection in wireless ad hoc networks
Second IFIP International Conference on Wireless and Optical Communications Networks, 2005. WOCN 2005.
As they have recently shown strong evolution, wireless ad hoc networks (WAHNs) are gaining researchers' great attention, especially in their security issues. Many attempts were made to secure these networks, but due to their special ad hoc nature and strict constraints, finding an optimal and comprehensive security solution is still a research challenge. This paper examines the main security challenges of WAHNs. It then studies and analyzes mobile agents and their attributes against those challenging requirements. This analysis shows a great feasibility and promising suitability for a mobile-agent-based solution to be adopted by the WAHNs intrusion detection systems. The paper also surveys, studies and compares the existing WAHNs mobile-agents-based intrusion detection designs.
IJERT-Intrusion Detection System Using Mobile Agent Technology
International Journal of Engineering Research and Technology (IJERT), 2013
https://www.ijert.org/intrusion-detection-system-using-mobile-agent-technology
https://www.ijert.org/research/intrusion-detection-system-using-mobile-agent-technology-IJERTV2IS120630.pdf
The Internet and computer networks are exposed to an increasing number of security threats. With new types of attacks appearing continually, developing flexible and adaptive security-oriented approaches is a severe challenge. Intrusion detection systems (IDSs) are systems that try to detect attacks as they occur or after the attacks took place. IDSs collect network traffic information from some point on the network or computer system and then use this information to secure the network. In this context, signature-based network intrusion detection techniques are a valuable technology to protect target systems and networks against malicious activities. Signature-based detection is the most extensively used threat detection technique for IDSs. One of the foremost challenges for signature-based IDSs is how to keep up with the large volume of incoming traffic when each packet needs to be compared with every signature in the database. When an IDS cannot keep up with the traffic flood, all it can do is drop packets, and it may therefore miss potential attacks. This paper proposes a new model called Signature-based Multi-Layer IDS using mobile agents, which can detect imminent threats with extremely high success rate by dynamically and automatically creating and using small and efficient multiple databases, and at the same time, provide a mechanism to update these small signature databases at regular intervals using mobile agents.
An adaptive distributed Intrusion detection system architecture using multi agents
International Journal of Electrical and Computer Engineering (IJECE), 2019
Intrusion detection systems are used for monitoring the network data, analyzing it and finding intrusions, if any. The major issues with these systems are the time taken for analysis, transfer of bulk data from one part of the network to another, high false positives and adaptability to future threats. These issues are addressed here by devising a framework for intrusion detection. Here, various types of co-operating agents are distributed in the network for monitoring, analyzing, detecting and reporting. Analysis and detection agents are the mobile agents which are the primary detection modules for detecting intrusions. Their mobility eliminates the transfer of bulk data for processing. An algorithm named territory is proposed to avoid interference of one analysis agent with another one. A communication layout of the analysis and detection module with other modules is depicted. The inter-agent communication reduces the false positives significantly. It also facilitates the iden...
Hybrid Architecture for Distributed Intrusion Detection System in Wireless Network
International Journal of Network Security & Its Applications, 2013
Owing to the rapid growth of network applications, new kinds of network attacks are emerging endlessly. So it is critical to protect the networks from attackers, and intrusion detection technology becomes popular. Therefore, it is necessary that this security concern be articulated right from the beginning of the network design and deployment. Intrusion detection technology is the process of identifying network activity that can lead to a compromise of security policy. A lot of work has been done on the detection of intruders, but the solutions are not satisfactory. In this paper, we propose a novel Distributed Intrusion Detection System using Multi Agent in order to decrease false alarms and manage misuse and anomaly detection.
An Agent Based Intrusion Detection Model for Mobile Ad Hoc Networks
Mobile Information Systems, 2006
Intrusion detection has, over the last few years, assumed paramount importance within the broad realm of network security, more so in the case of wireless mobile ad hoc networks. The inherently vulnerable characteristics of wireless mobile ad hoc networks make them susceptible to attacks in spite of some security measures, and it may be too late before any counter action can take effect. As such, there is a need to complement traditional security mechanisms with efficient intrusion detection and response systems. This paper proposes an agent-based model to address the aspect of intrusion detection in a cluster-based mobile wireless ad hoc network environment. The model comprises a set of static and mobile agents, which are used to detect intrusions, respond to intrusions, and distribute selected and aggregated intrusion information to all other nodes in the network in an intelligent manner. The model is simulated to test its operational effectiveness by considering performance parameters such as detection rate, false positives, agent overheads, and intrusion information distribution time. The agent-based approach facilitates flexible and adaptable security services. Also, it supports component-based software engineering components such as maintainability, reachability, reusability, adaptability, flexibility, and customization.
An Efficient Flow-based Distributed Intrusion Detection System Using Mobile Agents
International Journal of Electrical and Computer Engineering (IJECE), 2013
In the recent decade, computer networks have grown in popularity. So, network security measures have become highly critical to protect networks against different kinds of cyber attacks. One of the security measures is using an intrusion detection system (IDS). An IDS aims to detect behaviors that compromise network integrity, availability and confidentiality, by continuously capturing and analyzing events occurring in the network. A challenging problem for current IDSs is that their performance decreases in today's high-speed and large-scale networks. A centralized IDS cannot process such a high volume of data and there is a high possibility that it discards some attacks. In this paper we propose a flow-based distributed IDS using mobile agents (MA), which performs both data capturing and data analyzing in a distributed fashion. Our distributed IDS provides a framework for deployment of a scalable and high-performance IDS, in which, by using a grouping mechanism and the help of mobile agents, effective collaboration can be established between all network members. We simulated our method in NS2. Then we compared our proposed system with a general network-based IDS and a distributed IDS. Experimental results showed its superiority using several metrics of network load, detection rate and flow loss rate.