This paper discusses response mechanisms in Intrusion Detection Systems (IDS) and a few IDSs based on intelligent agents.
Overview:
Intrusion detection is the main objective of the Intrusion Detection Agent System. Its other objectives are responding to attacks and tracking down the attackers' machines. Intruders are tracked efficiently by looking at MLSI (Mark Left by Suspected Intruder). The system has three types of mobile agents: the manager, the information-gathering agent and the tracing agent. IDS sensors can gather information about intrusions from system logs.
IDS sensors inform the manager whenever they detect an MLSI. The manager then dispatches a tracing agent to the target host; upon arrival, the tracing agent can activate the information-gathering agent and employs a message box. After collecting the additional information, the information-gathering agent returns to the manager and reports it.
To respond to an intrusion, a system must use a large number of agents and have a very elaborate mechanism. In AAIRS, IDS sensors pass their output to interface agents, which can keep track of the credibility of IDS reports. Here the IDS middle-tier components are implemented as mobile agents. The ADEPTS system contains an Intrusion Directed Acyclic Graph (I-DAG). Every node in the I-DAG has an Effect Service Set and a Cause Service Set. The Cause Service Set contains all the services that are compromised to achieve the goal, and the Effect Service Set contains all the services that will be compromised only after the goal is achieved. ADEPTS accepts multiple alerts simultaneously, and a separate I-DAG is initiated for each alert. If a node in the I-DAG corresponds to the intrusion, a confidence is assigned to that node.
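The I-DAG handling described above can be sketched as follows. This is an added example, not code from ADEPTS or from the paper: the sample graph, the service names, the edge direction, the alert fields (`goal`, `confidence`) and the reachability rule used to list services at risk are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Node:
    goal: str
    cause: frozenset          # Cause Service Set: services compromised to achieve the goal
    effect: frozenset         # Effect Service Set: services compromised only after the goal
    next_goals: tuple = ()    # assumed edge direction: goals that become reachable afterwards
    confidence: float = 0.0

# Constructed sample graph: goal -> (cause set, effect set, next goals)
TEMPLATE = {
    "web_server_compromise": ({"httpd"}, {"app_server"}, ("app_server_compromise",)),
    "app_server_compromise": ({"app_server"}, {"database"}, ("db_data_theft",)),
    "db_data_theft": ({"database"}, {"backup"}, ()),
}

def new_idag():
    """Build a fresh I-DAG so that every alert gets its own instance."""
    return {g: Node(g, frozenset(c), frozenset(e), n) for g, (c, e, n) in TEMPLATE.items()}

def handle_alert(alert):
    """Initiate an I-DAG for one alert; assign confidence only if a node matches."""
    dag = new_idag()
    node = dag.get(alert["goal"])
    if node is None:
        return dag, set()     # no node corresponds to this intrusion
    node.confidence = alert["confidence"]
    # Assumption: services to protect are the effect sets of the matched goal
    # and of every goal reachable from it.
    at_risk, stack, seen = set(), [node.goal], set()
    while stack:
        goal = stack.pop()
        if goal in seen:
            continue
        seen.add(goal)
        at_risk |= dag[goal].effect
        stack.extend(dag[goal].next_goals)
    return dag, at_risk

def handle_alerts(alerts):
    """Process several alerts, each against a separate I-DAG."""
    return [handle_alert(a) for a in alerts]

if __name__ == "__main__":
    alerts = [{"goal": "app_server_compromise", "confidence": 0.8},   # constructed
              {"goal": "unlisted_goal", "confidence": 0.9}]
    for dag, at_risk in handle_alerts(alerts):
        print(sorted(at_risk), {g: n.confidence for g, n in dag.items()})
```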
Conclusions:
IDSs mostly have response as a secondary activity. For every response in IDA there are more than 100 responses in ADEPTS. All models have provision for response and mostly consider parallel attacks. All the models fit in a distributed infrastructure, based on three mobile agents. In the ADEPTS case, there is a possibility that the response fails.