| The rapid increase in attacks on computer systems has made intrusion detection systems (IDSs) increasingly popular in academic, corporate, and government networks. While IDSs are not new, research into improving their performance is ongoing. One new area involves using mobile agents in implementing intrusion detection systems. Research in this area is in its infancy and has not yet entered the mainstream community. The lack of security for mobile agents is a primary factor that has inhibited their widespread use in real-world applications, including intrusion detection systems. Thus, providing security for mobile agents is key to building useful applications based on the mobile agent paradigm.; Before these systems can be deployed in real settings, the major obstacle of providing adequate security for the agents themselves must be overcome. The core problem of such an agent-based system is this: an agent's owner cannot trust its agent, and agents and host systems do not trust each other. Worse still, if a host is penetrated and the attacker gains access to a traveling agent, he will potentially be given a wealth of new information that will help him attack other hosts in the network and further penetrate the system. If an attacker can obtain detailed knowledge of the detection systems installed at a particular site, he will be better able to avoid its triggers. Hence, security for these agents is critical. Unfortunately, solutions to many of these problems do not currently exist.; The overall intent of this research is to develop a methodology for protecting mobile agents in intrusion detection systems and to demonstrate the ability of such agents to address the shortcomings in current host-based systems. This methodology will support the defense of computer systems through a secure, mobile agent-based architecture. In support of this research, a secure mobile agent IDS prototype was created. The capabilities of this prototype as well as experimental results are described. |
