In recent decade, computer networks have grown in popularity. So, network security measures become highly critical to protect networks against different kind of cyber attacks. One of the security measures is using intrusion detection system (IDS). An IDS aims to detect behaviors that compromise network integrity, availability and confidentiality, by continuously capturing and analyzing events occurring in the network. A challenging problem for current IDSs is that their performance decreases in today’s high speed and large scale networks. A centralize IDS cannot process such high volume of data and there is a high possibility that it discards some attacks. In this paper we propose a flow-based distributed IDS using mobile agents (MA), which performs both data capturing and data analyzing in a distributed fashion. Our distributed IDS provides a framework for deployment of a scalable and high performance IDS, which by using a grouping mechanism and help of mobile agents, effective collaboration can be established between all network members. We simulated our method in NS2. Then we compared our proposed system with a general network-based IDS and a distributed IDS. Experimental results showed its superiority using several metrics of network load, detection rate and flow loss rate.

DOI:http://dx.doi.org/10.11591/ijece.v3i6.3936