Intrusion Detection with Mobile Agents

During the last ten years, the Internet has grown considerably. More interconnected people yields increased information security problems. Indeed, the continuous increase in computer interconnectivity and interoperability in a fully open way enhances the intruder’s ability to attempt malicious behaviour against computers and networks and furthermore allows intruders to make these attempts extremely efficient. Detecting an intruder in a network environment is hard for a human and even if the amount of circulating information is collected by computers there is still too much information to analyse in real-time. Intrusion Detection Systems’ (IDSs) goal is to detect attacks against information systems. Notably it is difficult to guarantee a completely and provably secure information system and to be sure to always maintain it in a secure state during its utilization. This is why IDSs have to monitor the usage of such systems to detect eventual insecure states. For this task, new approaches and designs on IDSs are required which avoid, for example, centralised control and analysis of data to determine if an intruder entered the network. With this perspective and in the scope of a Swiss National Project (ADAMA II-2000-054014.98), we are investigating the use of Mobile Agents (MAs) research to address Intrusion Detection (ID) in an Intranet. After the general description of the different goals of the project, we expose our first stage ID model using MAs based on immune system principles.