Architecture and Implementation
Based on where the data sources are collected and analyzed, IDSs can be classified as centralized, distributed, and agent-based. In this chapter, we discuss each category in terms of its architecture and implementation.
The first generation of IDSs was generally implemented inside the mainframe computer systems that they monitored and protected. These host-based IDSs run on the target system itself in order to monitor and analyze operating system and host activity and to detect malicious behaviour. Because of the overhead that an IDS imposes on the target system, the next generation of IDSs moved intrusion monitoring, analysis, and detection from the target system to a separate system. Most current IDSs are centralized systems. With a centralized architecture, all of the monitoring, detection, and response activities are controlled directly by a central console, which also gives the console a view across every monitored host that no single host-based IDS has. Figure 5.1 illustrates a generic centralized IDS architecture.
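The following is an added example (not code from the chapter) that models the two architectures just described: a HostSensor that parses its own host's logs and alerts purely locally, and a CentralConsole that receives events forwarded by every sensor and performs detection and response in one place. The class names, thresholds, and syslog-style lines are assumptions constructed for this example; the constructed traffic is a login sweep from one source that stays below each host's local threshold but is visible once events are correlated centrally.

```python
"""Minimal model of host-based vs. centralized IDS detection (added example).

HostSensor  - runs on the monitored host; sees only that host's log lines.
CentralConsole - receives events from all sensors; detects and responds centrally.
All log lines, names and thresholds below are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
import re

# Constructed sample log lines: one attacker (203.0.113.7) tries two logins
# on each host, a benign user (198.51.100.4) logs in successfully on web01.
SAMPLE_LOGS = {
    "web01": [
        "sshd: Failed password for root from 203.0.113.7 port 51012",
        "sshd: Failed password for root from 203.0.113.7 port 51013",
        "sshd: Accepted password for alice from 198.51.100.4 port 40001",
    ],
    "db01": [
        "sshd: Failed password for admin from 203.0.113.7 port 51020",
        "sshd: Failed password for postgres from 203.0.113.7 port 51021",
    ],
}

LINE_RE = re.compile(r"sshd: (Failed|Accepted) password for (\S+) from (\S+) port (\d+)")


@dataclass(frozen=True)
class Event:
    host: str
    outcome: str   # "Failed" or "Accepted"
    user: str
    src_ip: str


class HostSensor:
    """Host-based sensor: parses and judges only its own host's activity."""
    LOCAL_FAIL_THRESHOLD = 3   # hypothetical per-host threshold

    def __init__(self, host):
        self.host = host

    def parse(self, lines):
        """Turn raw log lines into Event records; unparseable lines are skipped."""
        events = []
        for line in lines:
            m = LINE_RE.search(line)
            if m:
                events.append(Event(self.host, m.group(1), m.group(2), m.group(3)))
        return events

    def local_alerts(self, events):
        """First-generation view: detection runs on the target system itself."""
        fails = defaultdict(int)
        for e in events:
            if e.outcome == "Failed":
                fails[e.src_ip] += 1
        return {ip: n for ip, n in fails.items() if n >= self.LOCAL_FAIL_THRESHOLD}


class CentralConsole:
    """Centralized console: every sensor forwards events here."""
    HOSTS_THRESHOLD = 2        # hypothetical: same source failing on >= 2 hosts
    TOTAL_FAIL_THRESHOLD = 4   # hypothetical: >= 4 failures fleet-wide

    def __init__(self):
        self.events = []
        self.blocked = set()

    def receive(self, events):
        self.events.extend(events)

    def detect(self):
        """Correlate across hosts, which no single host sensor can do."""
        hosts_by_ip = defaultdict(set)
        fails_by_ip = defaultdict(int)
        for e in self.events:
            if e.outcome == "Failed":
                hosts_by_ip[e.src_ip].add(e.host)
                fails_by_ip[e.src_ip] += 1
        return {ip for ip in fails_by_ip
                if len(hosts_by_ip[ip]) >= self.HOSTS_THRESHOLD
                and fails_by_ip[ip] >= self.TOTAL_FAIL_THRESHOLD}

    def respond(self):
        """Response is decided by the console, not by the monitored host."""
        self.blocked |= self.detect()
        return self.blocked


def run(logs=SAMPLE_LOGS):
    """Feed each host's logs to its sensor, forward events to the console."""
    console = CentralConsole()
    local = {}
    for host, lines in logs.items():
        sensor = HostSensor(host)
        events = sensor.parse(lines)
        local[host] = sensor.local_alerts(events)
        console.receive(events)
    return local, console.respond()


if __name__ == "__main__":
    local_alerts, blocked = run()
    print("host-local alerts:", local_alerts)   # {} on both hosts
    print("centrally blocked:", blocked)        # {'203.0.113.7'}
```

With the constructed input, neither host sensor reaches its local threshold, but the console sees four failures from one source across two hosts and blocks it; this is the cross-host visibility that moving analysis off the target system buys, at the cost of a central component that every sensor must be able to reach.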
Keywords: Intrusion Detection, Mobile Agent, Target System, Intrusion Detection System, Attack Strategy