Randomly Roving Agents for Intrusion Detection
NAVAL RESEARCH LAB WASHINGTON DC CENTER FOR HIGH ASSURANCE COMPUTING SYSTEMS (CHACS)
Pagination or Media Count:
Agent based intrusion detection systems IDS have advantages such as scalability, reconfigurability, and survivability. In this paper, we introduce a mobile-agent based IDS, called ABIDE Agent Based Intrusion Detection Environment. ABIDE is comprised of various types of agents, all of which are mobile, lightweight, and specialized. The most common form of agent is the DMA Data Mining Agent, which randomly moves around the network and collects information. The DMA then relays the information it has gathered to a DFA Data Fusion Agent which assesses the likelihood of intrusion. As we show in this paper, there is a quantifiable relationship between the number of DMA and the probability of detecting an intrusion. We study this relationship and its implications.
- Computer Programming and Software
- Computer Systems Management and Standards
- Information Science