Distributed Intrusion Detection System using Mobile Agents

The increasing number of network security related incidents makes it necessary for organizations to actively protect their sensitive data with the installation of intrusion detection systems (IDS). Autonomous software agents, especially when equipped with mobility, promise an interesting design approach for such applications. We evaluate the implications of applying mobile agent technology to the field of intrusion detection and present a distributed intrusion detection system (IDS) based on mobile agents that considers large-scale network environment in order to monitor multiple hosts connected via a network as well as the network itself. The design and implementation of our Distributed Intrusion Detection prototype relies on Security Agents which monitor network traffic and report intrusion alerts to a central management node. Our model comprises four major components: the IDS monitor, the Agent server which distributes intelligent mobile agents called mobile IDS agents, Authentication and Utility tool. Finally, we present discussion of design and implementation issues, and directions for future work