Mobile Agent Attack Resistant Distributed Hierarchical Intrusion Detection Systems
Peter M. Mell, Mark McLarnon
Distributed intrusion detection systems are especially vulnerable to attacks since, typically, each component resides at a static location and components are connected together into a hierarchical structure. An attacker can disable such a system by taking out a node high in the hierarchy, thus amputating a portion of the distributed system. A solution to this problem is to cast the internal nodes in the system hierarchy as mobile agents. These mobile agents randomly move around the network such that an attacker can not locate their position. If an attacker takes out a mobile agent platform, the remaining agents estimate the location of the attacker and automatically avoid those networks. Killed agents are resurrected by a group of backups that retain all or partial state information. We are implementing this technology as an API such that existing intrusion detection systems can wrap their components as mobile agents in order to gain a type of attack resistance.
September 7-9, 1999
Conference on Recent Advances in Intrusion Detection
and McLarnon, M.
Mobile Agent Attack Resistant Distributed Hierarchical Intrusion Detection Systems, Conference on Recent Advances in Intrusion Detection, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=151206
(Accessed May 29, 2023)