A Denial-of-Service Resistant Intrusion Detection Architecture
Peter M. Mell, D G. Marks, Mark McLarnon
As the capabilities of intrusion detection systems (IDS) advance, attackers may attempt to disable an organization's IDS before attempting to penetrate more valuable targets. As IDSs evolve into distributed systems with interdependent components, they are becoming more vulnerable to such attacks. To counter this threat, we present an intrusion detection architecture which is resistant to denial-of-service attacks. The architecture frustrates attackers by making IDS components invisible to an attacker's normal means of seeing in a network. In the event of a successful attack, the architecture allows IDS components to relocate from attacked hosts to operational hosts, thereby mitigating the effects of that attack. These capabilities are obtained by using mobile agent technology, utilizing network topology features, and by restricting the communication allowed between different types of IDS components.
computer attacks, computer security, denial of service, intrusion detection, mobile agents, security models
Mell, P., Marks, D. and McLarnon, M., A Denial-of-Service Resistant Intrusion Detection Architecture, Computer Networks, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=151228 (Accessed December 7, 2023)