Preemptive distributed intrusion detection using mobile agents

Cited by: 4
Authors
Chan, PC [1]
Wei, VK [1]
Affiliation
[1] Chinese Univ Hong Kong, Dept Informat Engn, Shatin, Hong Kong, Peoples R China
Source
WET ICE 2002: ELEVENTH IEEE INTERNATIONAL WORKSHOPS ON ENABLING TECHNOLOGIES: INFRASTRUCTURE FOR COLLABORATIVE ENTERPRISES, PROCEEDINGS | 2002
DOI
10.1109/ENABL.2002.1029996
Chinese Library Classification code
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Distributed intrusion detection systems have many advantages over their centralized counterparts, such as scalability, subversion resistance, and graceful service degradation. However, an important disadvantage is their inability to block packets immediately when an intrusion is detected. To tackle this problem, we propose a network-based preemptive distributed intrusion detection system using mobile agents. Packets are diverted to various types of agents strategically placed over the network. These agents perform control, detection, policy, and blocking tasks. When an intrusion is detected and the policy verdict is to block, suspect packets are blocked before they reach the destination. Ways to mitigate the negative impacts of our system on network traffic and latency are discussed.
Pages: 103-108
Page count: 6