South African Computer Journal - Applying mobile agents in an immune-system-based intrusion detection system : reviewed article
| Field | Value |
|---|---|
| Article Title | Applying mobile agents in an immune-system-based intrusion detection system : reviewed article |
| © Publisher | South African Computer Society (SAICSIT) |
| Journal | South African Computer Journal |
| Author | Marek Zielinski and Lucas Venter |
| Publication Date | Jun 2005 |
| Pages | 76 - 83 |
| Keyword(s) | Anomaly detection, Computer immunology, Computer security, Fault-tolerance, Immune system, Intrusion detection system, Mobile agent, System call monitoring |

Nearly all present-day commercial intrusion detection systems are based on a hierarchical architecture. Nodes at the bottom of the hierarchy collect information, which is passed to higher nodes in the hierarchy until the root node is reached. The root node is a command and control system that is responsible for detecting intrusions and for issuing responses. However, an intrusion detection system (IDS) based on a hierarchical architecture has many single points of failure. For example, by disabling the root node, the intrusion-detection function of the IDS will also be disabled. To solve this problem, we propose an IDS inspired by the human immune system. The proposed IDS has no single component that is responsible for detecting intrusions. Instead, the intrusion-detection function is divided and placed within mobile agents. Mobile agents act similarly to white blood cells of the human immune system and travel from host to host in the network to detect intrusions. The proposed IDS is fault-tolerant because it can continue to detect intrusions even when most of its components have been disabled. Furthermore, because mobile agents are not static and their number can vary, the whole IDS is more difficult to disable than an IDS based only on static components.