Academic journal article Issues in Informing Science & Information Technology

A Strategic Review of Existing Mobile Agent-Based Intrusion Detection Systems

Article excerpt


An intrusion is defined as any set of actions that attempt to compromise the integrity, confidentiality or availability of a resource. An intrusion takes place when an attacker or group of attackers exploits security vulnerabilities and thus violates the confidentiality, integrity and availability (CIA) guarantees of a system. Intrusion detection is therefore required as an additional wall for protecting systems. Intrusion detection is simply the act of detecting intrusions.

An Intrusion Detection System (IDS) is an authorized way of identifying illegitimate users, attacks and vulnerabilities that could affect the proper functioning of computer systems. IDSs detect some set of intrusions and execute predetermined actions when an intrusion is detected (W. Wang et al., 2006). However, the initial designs of IDS face the following shortcomings:

(i) Delay of time.

(ii) A single point of failure.

(iii) Limited scalability.

(iv) Difficulty of mutual communication between different IDSs.

In order to solve the aforementioned shortcomings, mobile agent technology is currently applied to IDS. A mobile agent is a particular type of software agent that has the capability of moving from one host to another. It is an autonomous program situated within an environment, which senses the environment and acts upon it using its knowledge base to achieve its goals. Mobile agents offer the features of reducing network overload, overcoming network latency, synchronous and autonomous execution, robustness and fault-tolerance, system scalability and operation in heterogeneous environments. To this end, mobile agent (MA) technology is very suitable for intrusion detection in a distributed environment (Chan & Wei, 2002), hence the advent of Mobile Agent based IDS (MA-IDS).

MA-IDSs are also faced with some shortcomings such as:

a. High time to detection: MA solutions may not be fast enough to meet the needs of IDS. One of the major challenging problems facing MA-IDS is improving the speed with which they can identify malicious activities.

b. Performance: though MA technology has improved greatly on detection performance, effective detection of autonomous attacks is still very low. Also, agents are often written in scripting or interpreted languages, which are easily ported between different platforms, but their execution speed is still very low compared to native code (Kruegel and Toth, 2002).

c. Security: Another major problem is protecting the protector (MA-IDS) from attacks.

Hence, the thrust of this paper is to critically examine the existing and most referenced MA-IDSs. The paper is organized as follows: the second section discusses the proposed classification of intrusion detection systems; the third section examines the existing literature on MA-IDSs; in the fourth section, the proposed architecture is discussed considering the shortcomings of current designs; the fifth section concludes the work.

Classification of Intrusion Detection System

It is a well-known fact that the research in a field greatly benefits from a good taxonomy and hence a good classification. There have been several defined taxonomies, classifications and subsequent surveys for intrusion detection. The goals of the efforts in several classifications have also been quite diverse; some only try to survey the field and find it easier with labels on the systems, while others try to use the taxonomies for a deeper understanding or to guide future research efforts.

Despite these previous efforts, intrusion detection still lacks a widely applicable and accepted taxonomy. This may be in part because it is a young research field, in part because it is fast-paced, and perhaps in part because of its inherent complexity (Almgren et al., 2003). This paper aims to broadly classify IDS based on its necessary features. Figure 1 shows our proposed classification of a typical intrusion detection system and its description follows. …
