
Mobile agent-based attack-resistant architecture for Distributed Intrusion Detection system

Posted on: 2002-03-20
Degree: M.S.C.S
Type: Thesis
University: West Virginia University
Candidate: Selliah, Sentil Kumar
Full Text: PDF
GTID: 2468390011996626
Subject: Computer Science
Abstract/Summary:
The majority of distributed intrusion detection systems lack measures for providing security and integrity to their own components. The hierarchical organization and the static nature of the intrusion detection components in a largely distributed environment make them likely targets of attack. By disabling a few operationally critical components along the hierarchy, an attacker can succeed in disabling the system's capability to correctly detect intrusions. One solution to this problem is to eliminate the static nature of the system components by wrapping them as mobile agents. Through mobility we achieve an attack-resistant architecture for the hierarchical distributed intrusion detection components. As mobile agents, these components can hide in a complex network topology, constantly roaming to avoid detection, and be replaced when compromised. In this thesis we analyze an approach where mobile agents replace the static internal components of a hierarchical distributed intrusion detection system.

We developed a system for this model using IBM's Java-based mobile agent (Aglet) framework with the following features: randomized agent locations, decoy agents to divert an attacker away from functionally critical components, a redundant polling mechanism to ensure the integrity of the mobile agents' data processing, and a mechanism for the mobile agents to avoid malicious hosts.
Keywords/Search Tags:Distributed intrusion detection, Mobile, System, Components