Results 1 - 4 of 4
An Architecture for Intrusion Detection using Autonomous Agents, 1998
Cited by 128 (10 self)
The Intrusion Detection System architectures commonly used in commercial and research systems have a number of problems that limit their configurability, scalability or efficiency. The most common shortcoming in the existing architectures is that they are built around a single monolithic entity that does most of the data collection and processing. In this paper, we review our architecture for a distributed Intrusion Detection System based on multiple independent entities working collectively. We call these entities Autonomous Agents. This approach solves some of the problems previously mentioned. We present the motivation and description of the approach, partial results obtained from an early prototype, a discussion of design and implementation issues, and directions for future work.
Machine Learning Techniques for the Computer Security Domain of Anomaly Detection, 2000
Cited by 27 (1 self)
Machine Learning Techniques for the Domain of Anomaly Detection for Computer Security, 1998
LAMAIDS: A Lightweight Adaptive Mobile Agent-based Intrusion Detection System, 2006
Intrusion detection system (IDS) has become an essential component of a computer security scheme as the number of security-breaking attempts originating inside organizations is increasing steadily. The idea of filtering the traffic at the “entrance door” (by firewalls, for instance) is not completely successful since it does not allow monitoring of local traffic. This paper presents a lightweight and adaptive mobile agent-based intrusion detection system (LAMAIDS) that detects intrusion from outside the network as well as from inside. A main machine, being a typical intrusion detection system residing at a secure location, creates mobile IDS agents and dispatches them into the network. The mobile IDS agents are equipped with lightweight IDS capabilities and decision-making. On each hop, the agents sniff the network traffic and look for abnormal activities using a set of rules supplied by the main machine. Simulation results based on real-world scenarios demonstrate significant improvements in terms of detection rate, network overhead, and adaptability, scalability, and fault tolerance.

