Mobile security agents for network traffic analysis


This paper describes the implementation of a distributed agent architecture for intrusion detection and response in networked computers. Unlike conventional intrusion detection systems (IDS), this security system attempts to emulate mechanisms of the natural immune system using Java-based mobile software agents. These security agents monitor multiple levels (packet process, system, and user) of networked computers to determine correlation among the observed anomalous patterns, reporting such abnormal behavior to the network administrator and/or possibly taking some action to counter a suspected security violation. The paper focuses on the design aspects of such an intrusion detection system by integrating different artificial intelligence techniques and a mobile agent architecture. Specifically, IBM's Aglets™ Software Development Kit (ASDK) is used as the base agent architecture, along with adaptive resonance theory (ART-2) neural networks for network pattern classification, and a fuzzy logic controller for decision/action resolution. The feasibility and implementation of the mobile security agent system is demonstrated and some preliminary results are reported.

Publication Title

Proceedings - DARPA Information Survivability Conference and Exposition II, DISCEX 2001