DIDMA: A Distributed Intrusion Detection System Using Mobile Agents

Pradeep Kannadiga and Mohammad Zulkernine
School of Computing
Queen's University, Kingston
Ontario, Canada K7L 3N6

Abstract
The widespread proliferation of Internet connections
has made current computer networks more
vulnerable to intrusions than before. In network
intrusions, there may be multiple computing nodes
that are attacked by intruders. The evidences of
intrusions have to be gathered from all such attacked
nodes. An intruder may move between multiple nodes
in the network to conceal the origin of attack, or
misuse some compromised hosts to launch the attack
on other nodes. To detect such intrusion activities
spread over the whole network, we present a new
intrusion detection system (IDS) called Distributed
Intrusion Detection using Mobile Agents (DIDMA).
DIDMA uses a set of software entities called mobile
agents that can move from one node to another node
within a network, and perform the task of
aggregation and correlation of the intrusion related
data that it receives from another set of software
entities called the static agents. Mobile agents reduce
network bandwidth usage by moving data analysis
computation to the location of the intrusion data,
support heterogeneous platforms, and offer a lot of
flexibility in creating a distributed IDS. DIDMA
utilizes the above-mentioned beneficial features
offered by mobile agent technology and addresses
some of the issues with centralized IDS models. The
detailed architecture and implementation of a
prototype of DIDMA are described. It has been tested
using some well-known attacks and performances
have been compared with centralized IDS models.