• DocumentCode
    2198349
  • Title

    Preemptive distributed intrusion detection using mobile agents

  • Author

    Chan, P.C. ; Wei, Victor K.

  • Author_Institution
    Dept. of Inf. Eng., Chinese Univ. of Hong Kong, Shatin, China
  • fYear
    2002
  • fDate
    2002
  • Firstpage
    103
  • Lastpage
    108
  • Abstract
    Distributed intrusion detection systems have many advantages over their centralized counterparts such as scalability, subversion resistance, and graceful service degradation. However, an important disadvantage is their inability to block packets immediately when an intrusion is detected. To tackle this problem, we propose a network-based preemptive distributed intrusion detection system using mobile agents. Packets are diverted to various types of agents strategically placed over the network. Various agents perform tasks in control, detection, policy, and blocking. Suspect packets are blocked before they reach the destination when an intrusion is detected and the policy verdicts for blockage. Ways to mitigate negative impacts of our system on network traffic and latency are discussed.
  • Keywords
    computer networks; mobile agents; security of data; blocking; control; graceful service degradation; latency; mobile agents; network traffic; network-based preemptive distributed intrusion detection system; policy; scalability; subversion resistance; suspect packet blocking; Collaborative work; Communication system traffic control; Degradation; Delay; Intrusion detection; Load management; Mobile agents; Monitoring; Scalability; Security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Enabling Technologies: Infrastructure for Collaborative Enterprises, 2002. WET ICE 2002. Proceedings. Eleventh IEEE International Workshops on
  • ISSN
    1080-1383
  • Print_ISBN
    0-7695-1748-X
  • Type

    conf

  • DOI
    10.1109/ENABL.2002.1029996
  • Filename
    1029996