A Snort-based Mobile Agent for a Distributed Intrusion Detection System

Abstract : Due to the rapid growth of the network application, new kinds of network attacks are endlessly emerging. Thus, it is of paramount importance to protect the networks from attackers. Consequently, the Intrusion Detec- tion Systems (IDS) are quickly becoming a popular requirement in building a network security infrastructure. Most existing and commercial IDS are generally centralized and suffer from a number of drawbacks, e.g., high rates of false positives, low efficiency, etc, especially when they face distributed attacks. In this paper, we introduce a novel mobile agent-based intrusion detection system focusing on the misuse detection approach, called DIDMAS (Distributed Intrusion Detection using Mobile Agents and Snort). DIDMAS takes advan- tages of the mobile agent paradigm to implement an efficient distributed system, as well as the integration of existing techniques, i.e., the well-known IDS SNORT. Carried out experiments showed that our proposed system presents better performance as well as a good scalability compared to the pioneer known centralized IDS SNORT system over real traffic and a set of simulated attacks.
Document type :
Conference papers
Complete list of metadatas

Cited literature [19 references]  Display  Hide  Download

https://hal-lirmm.ccsd.cnrs.fr/lirmm-00798311
Contributor : Pascal Poncelet <>
Submitted on : Friday, March 22, 2019 - 10:31:55 AM
Last modification on : Friday, March 22, 2019 - 10:32:30 AM
Long-term archiving on : Sunday, June 23, 2019 - 1:26:08 PM

File

SECRYPT2011.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : lirmm-00798311, version 1

Collections

Citation

Imen Brahmi, Sadok Ben Yahia, Pascal Poncelet. A Snort-based Mobile Agent for a Distributed Intrusion Detection System. SECRYPT: Security and Cryptography, Jul 2011, Seville, Spain. pp.198-207. ⟨lirmm-00798311⟩

Share

Metrics

Record views

183

Files downloads

59