MA-IDS Architecture for Distributed Intrusion Detection using Mobile Agents

Distributed intrusion detection systems (IDS) have many advantages such as scalability, subversion resistance, and graceful service degradation. However, there are some impediments when they are implemented. The mobile agent (MA) technology is of many features to suit the implementation of distributed IDS. In this paper, we propose a novel architecture _•• MA·IDS with MA technology for distributed IDS. MA-IDS employsMA technology to coordinately process information from each monitored host, and then completes global information extraction of intruder actions. A prototype of mobile agent-based distributed intrusion detection system by following MA·IDS is developed. The system also introduces uncertain factor into intrusion decision, which accords with the objective reality that human behavior is changeful. We demonstrate the advantages and the potentials of MA·IDS by the result of evaluation.