DISTRIBUTED DETECTION OF DDOS ATTACKS DURING THE INTERMEDIATE PHASE THROUGH MOBILE AGENTS

摘要

A Distributed Denial of Service attack is a large-scale, coordinated attack on the availability of services of a victim system, launched indirectly through many compromised computers on the Internet. Intrusion detection systems are network security tools that process local audit data or monitor network traffic to search for specific patterns or certain deviations from expected behavior, which indicate malicious activities against the protected network. In this study, we propose distributed intrusion detection methods to detect Distributed Denial of Service attacks in a special dataset and test these methods in a simulated-real time environment, in which the mobile agents are synchronized with the timestamp stated in the dataset. All of our methods use the alarms generated by SNORT, a signature-based network intrusion detection system. We use mobile agents in our methods on the Jade platform in order to reduce network bandwidth usage and to decrease the dependency on the central unit for a higher reliability. The methods are compared based on reliability, network load and mean detection time values.