Effective intrusion detection capability is an elusive goal, not solved easily or with a single mechanism. However, mobile agents go a long way toward realizing the ideal behavior desired in an Intrusion Detection System (IDS). This report is an initial foray into the relatively unexplored terrain of using Mobile Agents for Intrusion Detection Systems (MAIDS). It suggests a number of innovative ways to apply agent mobility to address shortcomings of current IDS designs and implementations, and explores several new paradigms involving mobile agents. The report looks not only at the benefits derived from mobility, but also those inherent to agent technology, such as autonomous components. We explore these benefits in some detail and propose specific research topics in both the intrusion detection and intrusion response areas. We also discuss performance advantages and disadvantages that occur when using mobile agents in intrusion detection and response. The report concludes with a rating of the proposed research topics, falling under three main areas: performance enhancements, design improvements, and response improvements.