Architecture and Implementation

  • Ali A. Ghorbani
  • Wei Lu
  • Mahbod Tavallaee
Part of the Advances in Information Security book series (ADIS, volume 47)


Based on where the data sources are collected and analyzed, IDSs can be classified as centralized, distributed, or agent-based. In this chapter, we discuss each category in terms of its architecture and implementation.

The first generation of IDSs was generally implemented inside the mainframe computer systems that they monitored and protected. These host-based IDSs run on the target system in order to monitor and analyze the operating system and host activities and to detect malicious activity. Because of the overhead that such IDSs impose on the target system, the next generation of IDSs moved intrusion monitoring, analysis and detection from the target system to a separate system. Most current IDSs are centralized systems. With a centralized architecture, all of the monitoring, detection, and response activities are controlled directly by a central console. Figure 5.1 illustrates a generic centralized IDS architecture.
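The following is an added example, not code from the chapter or its authors, that models the two architectures the paragraph contrasts: lightweight host sensors that only parse and forward events (leaving little overhead on the monitored host), and a central console that performs detection and response over the events of every host. The log lines, host names, addresses and the failed-login threshold are all constructed for the example. It also shows what the centralized placement buys a defender: a password-guessing source that touches several hosts a few times each stays below a per-host threshold, yet crosses it once the console sees the fleet as a whole.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample auth-log excerpts, one list per monitored host (not real data).
SAMPLE_LOGS = {
    "host-a": [
        "Mar 10 09:01:02 host-a sshd[811]: Failed password for root from 198.51.100.7 port 5021 ssh2",
        "Mar 10 09:01:05 host-a sshd[811]: Failed password for root from 198.51.100.7 port 5022 ssh2",
        "Mar 10 09:02:10 host-a sshd[815]: Accepted password for alice from 192.0.2.10 port 40112 ssh2",
    ],
    "host-b": [
        "Mar 10 09:01:09 host-b sshd[402]: Failed password for admin from 198.51.100.7 port 5031 ssh2",
        "Mar 10 09:01:12 host-b sshd[402]: Failed password for admin from 198.51.100.7 port 5032 ssh2",
    ],
    "host-c": [
        "Mar 10 09:01:15 host-c sshd[233]: Failed password for root from 198.51.100.7 port 5041 ssh2",
        "Mar 10 09:01:18 host-c sshd[233]: Failed password for root from 198.51.100.7 port 5042 ssh2",
        "Mar 10 09:01:30 host-c cron[240]: (root) CMD (run-parts /etc/cron.hourly)",
    ],
}

# Matches OpenSSH-style password authentication records; other lines are ignored.
LOG_RE = re.compile(
    r"sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for (?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)


@dataclass(frozen=True)
class Event:
    host: str
    user: str
    src_ip: str
    outcome: str  # "failed" or "accepted"


class HostSensor:
    """Runs on the monitored host. It only parses and forwards, so the
    overhead left on the target system is small; analysis happens elsewhere."""

    def __init__(self, host):
        self.host = host

    def collect(self, lines):
        events = []
        for line in lines:
            m = LOG_RE.search(line)
            if m:
                events.append(Event(self.host, m["user"], m["ip"], m["outcome"].lower()))
        return events


def host_local_alerts(events, threshold):
    """Host-based model: detection runs on each host over its own events only."""
    counts = defaultdict(int)
    alerts = []
    for e in events:
        if e.outcome != "failed":
            continue
        counts[e.src_ip] += 1
        if counts[e.src_ip] == threshold:
            alerts.append({"host": e.host, "src_ip": e.src_ip, "failures": threshold})
    return alerts


class CentralConsole:
    """Centralized model: every sensor forwards to one console that detects and responds."""

    def __init__(self, threshold):
        self.threshold = threshold
        self.failures = defaultdict(int)   # src_ip -> failed logins seen fleet-wide
        self.hosts_hit = defaultdict(set)  # src_ip -> hosts where those failures occurred
        self.alerts = []
        self.blocklist = set()             # response decision: addresses to block at the perimeter

    def ingest(self, events):
        for e in events:
            if e.outcome != "failed":
                continue
            self.failures[e.src_ip] += 1
            self.hosts_hit[e.src_ip].add(e.host)
            if self.failures[e.src_ip] >= self.threshold and e.src_ip not in self.blocklist:
                self.alerts.append({
                    "src_ip": e.src_ip,
                    "failures": self.failures[e.src_ip],
                    "hosts": sorted(self.hosts_hit[e.src_ip]),
                })
                self.blocklist.add(e.src_ip)  # one response per source, issued centrally


def run_demo(threshold=5):
    """Feed the same sensor output to both models and return what each detected."""
    local_alerts = []
    console = CentralConsole(threshold)
    for host, lines in SAMPLE_LOGS.items():
        events = HostSensor(host).collect(lines)
        local_alerts.extend(host_local_alerts(events, threshold))
        console.ingest(events)
    return {"local_alerts": local_alerts,
            "central_alerts": console.alerts,
            "blocklist": console.blocklist}


if __name__ == "__main__":
    from pprint import pprint
    pprint(run_demo())
```

With the default threshold of five, no host sees enough failures to alert on its own, while the console raises a single alert for the source that touched all three hosts and adds it to the blocklist; lowering the threshold to two makes every host alert locally, which illustrates the trade-off the centralized design makes between per-host noise and fleet-wide visibility.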







Copyright information

© Springer-Verlag US 2010

Authors and Affiliations

University of New Brunswick, Fredericton, Canada
