Implementation of an intrusion detection system based on mobile agents

The number of security-breaking attempts originating inside organizations is increasing steadily. Attacks made in this way, usually done by “authorized” users of the system, cannot be immediately located. As the idea of filtering the traffic at the “entrance door” (by firewalls, for instance) is not completely successful the use of other technologies should be considered to increase the defense capacity of a site. Therefore, the introduction of mobile agents to provide computational security by constantly moving around within the internal infoways of an organization is presented as a natural solution to prevent both external and internal sources of intrusion. This work presents an evaluation of the use of mobile agent mechanisms to add mobility features to the process of monitoring intrusion in computational systems. A modular approach is proposed, where independent small agents will monitor the communication paths. This approach presents significant advantages in terms of minimizing overhead, increasing scalability and flexibility and providing fault tolerance