Date of Graduation
Statler College of Engineering and Mineral Resources
Lane Department of Computer Science and Electrical Engineering
The majority of the Distributed Intrusion Detection systems lack measures for providing security and integrity to their own components. The hierarchical organization and the static nature of the intrusion detection components in a largely distributed environment make them the likely targets of attacks. By disabling few operationally critical components along the hierarchy, an attacker can succeed in disabling the system's capability to correctly detect intrusions. One solution to this problem is to eliminate the system components' static nature by wrapping them as mobile agents. Through mobility we achieve an attack resistant architecture for the hierarchical distributed intrusion detection components. As mobile agents, these components can hide in a complex network topology, constantly roaming to avoid detection, and be replaced when compromised. In this thesis we analyze an approach where mobile agents replace the static internal components of a hierarchical distributed intrusion detection system.;We developed a system for this model using IBM's Java based mobile agent (Aglet) framework with the following features: randomized agent locations, decoy agents to allude an attacker from functionally critical components, a redundant polling mechanism to ensure the integrity of mobile agents' data processing and a mechanism for the mobile agents to avoid malicious hosts.
Selliah, Sentil Kumar, "Mobile agent-based attack-resistant architecture for Distributed Intrusion Detection system" (2001). Graduate Theses, Dissertations, and Problem Reports. 1166.