DocumentCode
2296381
Title
Distributed Agent Architecture for Intrusion Detection Based on New Metrics
Author
Katata, F.B. ; El Kadhi, Nabil ; Ghedira, Khaled
Author_Institution
Lab. d´´Ing. Inf. Intelligente, Higher Inst. of Manage., Tunisia
fYear
2009
fDate
19-21 Oct. 2009
Firstpage
321
Lastpage
327
Abstract
Current best practices for identifying malicious activity in a network are to deploy network intrusion detection systems. Anomaly detection approaches hold out more promise, as they can detect new types of intrusions because these new intrusions, by assumption, will deviate from ldquonormalrdquo behavior. But these methods generally suffer from several major drawbacks: computing the anomaly model itself is a time-consuming and processor-heavy task. To avoid these limits, we propose a mobile agent based model for intrusion detection system, called MAFIDS, including new metrics issued from emergent indicators of the agent synergy and a proposed event correlation engine. We detail the implementation of our model showing its capabilities to detect the SYN Flooding attack in a short time and lower false alarm rate by comparing it to SNORT.
Keywords
mobile agents; security of data; software metrics; MAFIDS; SYN Flooding attack; agent synergy; anomaly detection approach; distinct software process; distributed agent architecture; emergent indicator metrics; event correlation engine; malicious activity identification; mobile agent-based model-for-intrusion detection system; Capacitive sensors; Computer networks; Computer security; Engines; Floods; Information security; Information systems; Intrusion detection; Mobile agents; Sensor systems; Anomaly; Network Intrusion Detection System; agent architecture; metrics;
fLanguage
English
Publisher
ieee
Conference_Titel
Network and System Security, 2009. NSS '09. Third International Conference on
Conference_Location
Gold Coast, QLD
Print_ISBN
978-1-4244-5087-9
Electronic_ISBN
978-0-7695-3838-9
Type
conf
DOI
10.1109/NSS.2009.50
Filename
5319064
Link To Document