• DocumentCode
    680115
  • Title

    A SNORT-based Mobile Agent for a Distributed Intrusion Detection System

  • Author

    Brahmi, Imen ; Yahia, Sadok Ben ; Poncelet, Pascal

  • Author_Institution
    Faculty of Sciences of Tunis, Tunisia
  • fYear
    2011
  • fDate
    18-21 July 2011
  • Firstpage
    198
  • Lastpage
    207
  • Abstract
    Due to the rapid growth of network applications, new kinds of network attacks are endlessly emerging. Thus, it is of paramount importance to protect networks from attackers. Consequently, Intrusion Detection Systems (IDS) are quickly becoming a popular requirement in building a network security infrastructure. Most existing and commercial IDS are generally centralized and suffer from a number of drawbacks, e.g., high rates of false positives, low efficiency, etc., especially when they face distributed attacks. In this paper, we introduce a novel mobile agent-based intrusion detection system focusing on the misuse detection approach, called DIDMAS (Distributed Intrusion Detection using Mobile Agents and Snort). DIDMAS takes advantage of the mobile agent paradigm to implement an efficient distributed system, as well as the integration of existing techniques, i.e., the well-known IDS SNORT. The experiments carried out showed that our proposed system presents better performance as well as good scalability compared to the pioneering, well-known centralized IDS SNORT system over real traffic and a set of simulated attacks.
  • Keywords
    Computers; Databases; Focusing; Intrusion detection; Mobile agents; Mobile communication; Monitoring; Intrusion detection system; Misuse detection; Mobiles agents; SNORT rules;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Security and Cryptography (SECRYPT), 2011 Proceedings of the International Conference on
  • Conference_Location
    Seville, Spain
  • Type

    conf

  • Filename
    6732386