DIDMA: A distributed intrusion detection system using mobile agents

The widespread proliferation of Internet connections has made current computer networks more vulnerable to intrusions than before. In network intrusions' there may be multiple computing nodes that are attacked by intruders. The evidences of intrusions have to be gathered from all such attacked nodes. An intruder may move between multiple nodes in the network to conceal the origin of attack., or misuse some compromised hosts to launch the attack on other nodes. To detect such intrusion activities spread over the whole network, we present a new intrusion detection system (IDS) called Distributed Intrusion Detection using Mobile Agents (DIDAM). DIDAM uses a set of software entities called mobile agents that can move from one node to another node within a network, and perform the task of aggregation and correlation of the intrusion related data that it receives from another set of software entities called the static agents. Mobile agents reduce network bandwidth usage by moving data analysis computation to the location of the intrusion data, support heterogeneous plat-forms, and offer a lot of flexibility in creating a distributed IDS. DIDAM utilizes the above-mentioned beneficial features offered by mobile agent technology and addresses some of the issues with centralized IDS models. The detailed architecture and implementation of a prototype of DIDMA are described It has been tested using some well-known attacks and performances have been com-pared with centralized IDS models.