Immune-based Mobile Agent Intrusion Detection System Model

IDS(Intrusion Detection System) is a security protection system which detects the attempts or the behaviors that threaten or harm the integrality, confidentiality or usability of host or network resources.IDS has gained great attention because of its importance in computer security. Intrusion detection techniques have been improved a lot these years. However, there are still some limitations in traditional intrusion detection systems,such as distributivity, flexibility and efficiency.Therefore it is necessary to develop new technologies to improve the overall performance of IDS.BIS(Biological Immune System) is a physiological system which protects organism from pathogens.It has some advantages which are quite needed by IDS,such as distributed protection,self-organization,immune memory and robustness.There're amazing similarities between IDS and IS(Immune System) .So we can make use of some immune principles to improve IDS.Furthermore,Mobile Agent is a distributed computing technology emerging recently.Its mobility and flexibility are perfectly fit for developing new generation of IDS.Based on the analysis of IDS principles,technologies and structures,we introduce a model of IMAIDS(Immune based Mobile Agent Intrusion Detection System),combining with immune principles and mobile Agent. This paper presents structure and execution flow of the detection module in detail and analyzes some mechanisms and arithmetics related to the detector. The system mainly focuses on network packets.It analyzes data of host to detect intrusions when something dubious happens.Compared with other IDS,IMAIDS significantly outperforms these models by adding Monitor module which provides "co-stimulation signal" reducing the probability of false positive.We also midified the generating arithmetic of detector to generate diversiform detectors so that we can save system resource by using less detectors to detect various intrusions.