An Adaptive Intrusion Detection and Defense System Based on Mobile Agents

This paper presents a distributed intrusion detection system (IDS) based on mobile agents that detect intrusion from outside the network segment as well as from inside. A main machine, being a typical intrusion detection system residing at a secure location, creates agents and dispatches them into the network. On each hop, the agents sniff the network traffic and look for abnormal activities by matching against a limited rule set supplied by the main machine. The agents are programmed with enough intelligence to decide whether to send the logged data (captured packets) to the main machine for further analysis. The proposed model comprises three major components: the Network Intrusion Detection Component, the Mobile Agent Platform, and distributed intelligent mobile agents called mobile IDS agents. Finally, we present partial results obtained from an early prototype and a discussion of design and implementation issues, and directions for future work. Keywords: Mobile agents, intrusion detection, distributed systems.