Abstract:
Distributed intrusion detection systems (IDS) have
many advantages such as scalability, subversion resistance, and
graceful service degradation. However, there are some
impediments to implementing them. Mobile agent
(MA) technology has many features that suit the implementation of
distributed IDS. In this paper, we propose a novel architecture,
MA-IDS, which applies MA technology to distributed IDS. MA-IDS
employs MA technology to process, in a coordinated way, information from
each monitored host, and then completes global information
extraction of intruder actions. A prototype mobile agent-based
distributed intrusion detection system following MA-IDS has been
developed. The system also introduces an uncertainty factor into
the intrusion decision, which accords with the objective reality that
human behavior is changeable. We demonstrate the advantages
and the potential of MA-IDS through the evaluation results.