|
Abstract : |
Distributed intrusion detection systems are especially vulnerable to attacks since, typically, each component resides at a static location and components are connected together into a hierarchical structure. An attacker can disable such a system by taking out a node high in the hierarchy, thus amputating a portion of the distributed system. A solution to this problem is to cast the internal nodes in the system hierarchy as mobile agents. These mobile agents randomly move around the network such that an attacker can not locate their position. If an attacker takes out a mobile agent platform, the remaining agents estimate the location of the attacker and automatically avoid those networks. Killed agents are resurrected by a group of backups that retain all or partial state information. We are implementing this technology as an API such that existing intrusion detection systems can wrap their components as mobile agents in order to gain a type of ?attack resistance?. Intrusion detection systems (IDSs) are obvious targets for network intruders. Take out the IDS and an attacker can slip invisibly into vulnerable computer systems. This problem becomes more pronounced as commercial IDSs migrate to massively distributed hierarchical architectures. In these systems, an attacker, |
