Design and implementation of intrusion detection based on mobile agents

In this paper, we introduced the intrusion detection technology first. Beside of the definition and the common intrusion detection frame (CDIF), we described three methods of the intrusion detection: anomaly detection, misuse detection and hybrid detection. Then we discussed the mobile agent technology. In this part, we mainly introduced three key issues. They are: mobile agentpsilas move, mobile agentpsilas cooperation and mobile agentpsilas security. Because the mobile, autonomous agents have the potential to provide a convenient, efficient and robust programming paradigm for distributed applications, we applied them into the intrusion detection systems, and proposed a new intrusion detection model. This model used the mobile agent as organization unit, combined the distributed idea, fully used the intelligence, mobility, cooperation and heterogeneity of the mobile agents and designed a concurrent structure of the mobile agents. It can detect the intrusions accurately and quickly, thereby overcoming the flaw of the traditional intrusion detection system.