DocumentCode :
2296381
Title :
Distributed Agent Architecture for Intrusion Detection Based on New Metrics
Author :
Katata, F.B. ; El Kadhi, Nabil ; Ghedira, Khaled
Author_Institution :
Lab. d'Ing. Inf. Intelligente, Higher Inst. of Manage., Tunisia
fYear :
2009
fDate :
19-21 Oct. 2009
Firstpage :
321
Lastpage :
327
Abstract :
Current best practices for identifying malicious activity in a network are to deploy network intrusion detection systems. Anomaly detection approaches hold out more promise, as they can detect new types of intrusions because these new intrusions, by assumption, will deviate from "normal" behavior. But these methods generally suffer from several major drawbacks: computing the anomaly model itself is a time-consuming and processor-heavy task. To avoid these limits, we propose a mobile agent based model for intrusion detection system, called MAFIDS, including new metrics issued from emergent indicators of the agent synergy and a proposed event correlation engine. We detail the implementation of our model showing its capabilities to detect the SYN Flooding attack in a short time and lower false alarm rate by comparing it to SNORT.
Keywords :
mobile agents; security of data; software metrics; MAFIDS; SYN Flooding attack; agent synergy; anomaly detection approach; distinct software process; distributed agent architecture; emergent indicator metrics; event correlation engine; malicious activity identification; mobile agent-based model-for-intrusion detection system; Capacitive sensors; Computer networks; Computer security; Engines; Floods; Information security; Information systems; Intrusion detection; Mobile agents; Sensor systems; Anomaly; Network Intrusion Detection System; agent architecture; metrics;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Network and System Security, 2009. NSS '09. Third International Conference on
Conference_Location :
Gold Coast, QLD
Print_ISBN :
978-1-4244-5087-9
Electronic_ISBN :
978-0-7695-3838-9
Type :
conf
DOI :
10.1109/NSS.2009.50
Filename :
5319064