A Snort-based Mobile Agent for a Distributed Intrusion Detection System

Abstract : Due to the rapid growth of the network application, new kinds of network attacks are endlessly emerging. Thus, it is of paramount importance to protect the networks from attackers. Consequently, the Intrusion Detec- tion Systems (IDS) are quickly becoming a popular requirement in building a network security infrastructure. Most existing and commercial IDS are generally centralized and suffer from a number of drawbacks, e.g., high rates of false positives, low efficiency, etc, especially when they face distributed attacks. In this paper, we introduce a novel mobile agent-based intrusion detection system focusing on the misuse detection approach, called DIDMAS (Distributed Intrusion Detection using Mobile Agents and Snort). DIDMAS takes advan- tages of the mobile agent paradigm to implement an efficient distributed system, as well as the integration of existing techniques, i.e., the well-known IDS SNORT. Carried out experiments showed that our proposed system presents better performance as well as a good scalability compared to the pioneer known centralized IDS SNORT system over real traffic and a set of simulated attacks.
Type de document :
Communication dans un congrès
SECRYPT: International Conference on Security and Cryptography, 2011, Seville, Spain. pp.198-207, 2011
Liste complète des métadonnées

https://hal-lirmm.ccsd.cnrs.fr/lirmm-00798311
Contributeur : Pascal Poncelet <>
Soumis le : vendredi 8 mars 2013 - 12:25:44
Dernière modification le : jeudi 11 janvier 2018 - 06:26:17

Identifiants

  • HAL Id : lirmm-00798311, version 1

Collections

Citation

Imen Brahmi, Sadok Ben Yahia, Pascal Poncelet. A Snort-based Mobile Agent for a Distributed Intrusion Detection System. SECRYPT: International Conference on Security and Cryptography, 2011, Seville, Spain. pp.198-207, 2011. 〈lirmm-00798311〉

Partager

Métriques

Consultations de la notice

81