A Flow-based Distributed Intrusion Detection System Using Mobile Agents

Zahra Hakimi, Karim Faez, Morteza Barati


In recent decade, computer networks have grown in popularity. So, network security measures become highly critical to protect networks against different kind of cyber attacks. One of the security measures is using intrusion detection system (IDS). An IDS aims to detect behaviors that compromise network integrity, availability and confidentiality, by continuously capturing and analyzing events occurring in the network. A challenging problem for current IDSs is that their performance decreases in today’s high speed and large scale networks. A centralize IDS cannot process such high volume of data and there is a high possibility that it discards some attacks. In this paper we propose a flow-based distributed IDS using mobile agents (MA), which performs both data capturing and data analyzing in a distributed fashion. Our distributed IDS provides a framework for deployment of a scalable and high performance IDS, which by using a grouping mechanism and help of mobile agents, effective collaboration can be established between all network members. We simulated our method in NS2. Then we compared our proposed system with a general network-based IDS and a distributed IDS. Experimental results showed its superiority using several metrics of network load, detection rate and flow loss rate.



Intrusion detection system; Distributed IDS; Flow-based IDS; NS2 simulator; Nmap; Scan attack; Simpleweb traces

Full Text:

Total views : 143 times

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

ISSN 2088-8708, e-ISSN 2722-2578