Deploying agents in the network to detect intrusions
Intrusion detection in a network is defined as identifying activities that violate security policies. Traditional Intrusion Detection Systems (IDSs) are centralized: a central node collects data from every node and determines whether any abnormal activity is taking place in the network. In our research we propose using intelligent mobile agents to detect intrusions in a network. An agent is a program that executes specified operations on a node in a network. The agents act as guards that roam the network periodically to check whether any node is under attack.
When an agent visits a node, it scans the log file to identify any abnormal activity taking place on that node. In our previous research we proposed algorithms for finding the initial locations and roaming patterns of agents. In this research, we have built a prototype agent and deployed it in a virtual network to test its performance by simulating intrusions. We have also tested the prototype by deploying agents on PlanetLab, a testbed on the Internet connecting more than 1300 machines all over the world. From our experiments we have observed that the performance of the agent-based intrusion detection system depends on the size and topology of the network.
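
The roaming and log-scanning behaviour described above can be sketched as follows. This is an added example, not the authors' prototype or their placement and roaming algorithms: the depth-first patrol route, the failed-login threshold, the two five-node topologies and the log lines are all assumptions constructed for illustration.

```python
# Added illustration; the anomaly rule, route and topologies are assumptions.
FAILED = "Failed password"  # marker in the constructed sshd-style log lines
THRESHOLD = 3               # assumed: this many failures flags the node

def scan_log(lines, threshold=THRESHOLD):
    """True if a node's log shows abnormal activity under the assumed rule."""
    return sum(FAILED in ln for ln in lines) >= threshold

def patrol_route(adj, start):
    """Closed walk that visits every node, moving only along existing links."""
    route, seen = [start], {start}
    def dfs(u):
        for v in sorted(adj[u]):
            if v not in seen:
                seen.add(v)
                route.append(v)
                dfs(v)
                route.append(u)  # the agent travels back over the same link
    dfs(start)
    return route

def detection_delay(adj, logs, start):
    """(hops, node) at which the agent first scans an abnormal log, else None."""
    for hops, node in enumerate(patrol_route(adj, start)):
        if scan_log(logs.get(node, [])):
            return hops, node
    return None

# Constructed five-node topologies.
LINE = {0: [1], 1: [0, 2], 2: [1, 3], 3: [2, 4], 4: [3]}
STAR = {0: [1, 2, 3, 4], 1: [0], 2: [0], 3: [0], 4: [0]}

# Constructed logs: node 2 has one mistyped password, node 4 a guessing burst.
LOGS = {
    2: ["Failed password for alice from 192.0.2.10",
        "Accepted password for alice from 192.0.2.10"],
    4: ["Failed password for root from 198.51.100.7",
        "Failed password for root from 198.51.100.7",
        "Failed password for admin from 198.51.100.7"],
}

if __name__ == "__main__":
    for name, adj in (("line", LINE), ("star", STAR)):
        print(name, detection_delay(adj, LOGS, start=0))
```

With the same number of nodes and the same compromised node, the agent reaches it after 4 hops on the line but 7 on the star, because every leaf visit costs a return trip through the hub.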