At the Information-technology Promotion Agency (IPA) in Japan, we have been developing a network intrusion detection system (IDS) called the Intrusion Detection Agent system (IDA), which employs mobile agents to avoid some of the problems experienced by conventional IDSs. In IDA, mobile agents trace intruders, collect only the information related to the intrusion along the intrusion route, and decide whether an intrusion has in fact occurred. These functions enable efficient information retrieval and also make it possible to detect compromised intermediate hosts. Furthermore, IDA detects intrusions using a new intrusion detection method whose features are distinct from those of the conventional method. Consequently, IDA reduces the overhead of the system and detects some new and unknown forms of attack.