IDSUDA: An Intrusion Detection System Using Distributed Agents

Intrusion-detection systems (IDSs) aim at detecting attacks against information systems. Most intrusiondetection systems currently rely on some type of centralized processing to analyze the data necessary to detect an intruder in real time. A centralized approach can be vulnerable to attack (e.g., Denial of Service). Additionally many of these systems depends on analyzing the log files and packet traces, which is potentially modified by the intruder before the IDS can obtain it, making it's possible for the intruder to hide his activities. Another problem, is that majority of IDSs detect attacks that have known signatures, which is not enough because of the nature of the always and ongoing changes in the methods of intruders to break-in systems. In this paper, a framework called Intrusion Detection System Using Distributed Agents (IDSUDA) was built avoiding the above-mentioned problems and adopting a different architecture. In this framework the software agent technology was employed to extend the capabilities of the classical IDSs. IDSUDA focuses on the attack behavior through monitoring the usage of system different resources to detect deviation from normal usage. So it detects many attacks; the known signatures attacks and also the new ones.