Distributed intrusion detection using mobile agents against DDoS attacks

Along with the increasing wide applications of computer and network technologies, the security problems of information systems are becoming more complicated. Most computer systems have some kind of a security flaw that may allow outsiders or legitimate users to gain unauthorized access to sensitive information. Among the network exploits, Distributed Denial of Service (DDoS) attack is a large-scale, coordinated attack on the availability of services of a victim system, launched indirectly through many compromised computers on the Internet. Intrusion detection systems (IDS) are network security tools that process local audit data or monitor network traffic to search for specific patterns or certain deviations from expected behavior which indicate malicious activities against the protected network. In our study, we proposed and tested four different distributed intrusion detection methods to detect DDoS attacks in the MIT DARPA LLDOS 1.0 dataset. Currently, all of our methods use the alarms generated by Snort, a signature-based network IDS. We used mobile agents in three of the methods on the Jade (Java Agent Development Framework) platform in order to reduce network bandwidth usage by moving data analysis computations to the location of the intrusion data. Based on reliability, network load and mean detection time values of each, one of the methods is shown to be better than the others.