Proceedings of the 42nd Annual Southeast Regional Conference 2004
DOI: 10.1145/986537.986581

A P2P intrusion detection system based on mobile agents

Abstract: Traditional intrusion detection systems have a central coordinator with a static hierarchical architecture. We propose a peer-to-peer intrusion detection system that has no central coordinator. Our approach is like that of a "neighborhood watch". A virtual neighborhood is created where neighbors take on the task of looking out for each other. When an intrusion occurs they observe this intrusion and inform the residents about this intrusion and collectively take action. We use cooperating, mobile agents for int…

Cited by 27 publications (17 citation statements)
References 4 publications (5 reference statements)
“…An agent migration strategy that can enable hosts of a network to make more efficient and accurate detections was introduced. Compared to [5], [7], and [9], MA-DIDF can gather information not only from neighbours of the compromised host but from more other hosts in the network that can lead to more accurate final decision. The future work of this research is to improve the performance of MADIDF, including optimizing the number of Retrieval Agents and avoiding duplicate detection, especially in large scale network and test it in real applications.…”
Section: Discussion
confidence: 99%
“…However, the host in the network only dispatches a mobile agent to its neighbours when a suspicious incident is observed at that host instead of periodically sending mobile agent to its neighbours. Although this system overcomes some drawbacks of that proposed in [5], it still has a few limitations. Because the host in the network only asks its neighbours for collaborative decision, it might not detect some specific attacks, which simultaneously attack multiple hosts in a network, like doorknob and network browsing.…”
Section: Related Work
confidence: 95%
“…The authors have created an EQL (Event Query Language) with syntax similar to SQL (Sequence Query Language) used in databases. Other mobile agent based IDS's include a P2P based IDS (Ramachandran & Hart, 2004) that works in a neighborhood watch manner where each agent looks after other agents in its vicinity by using a voting procedure to take action against a compromised agent; the MA-IDS system (Li et al, 2004) which uses encrypted communication between the mobile agents in the system, and use a threshold mechanism to detect the probability for each intrusion depending on the quantity of each intrusion type obtained allowing it to learn in a one dimensional method. Some other mobile agent based IDS's include a position paper (Aslam et al, 2001) that claims to work on D'Agents environment; and work by (Foukia et al, 2001; Foukia et al, 2003) which uses a social insect metaphor and immune systems to model an intrusion detection system.…”
Section: Agent Based Security Systems
confidence: 99%