Mobile Security Agents for Network Traffic Analysis

This paper describes the implementation of a distributed agent architecture for intrusion detection and response in networked computers. Unlike conventional intrusion detection systems (IDS), this security system attempts to emulate mechanisms of the natural immune system using Java-based mobile software agents. These security agents monitor multiple levels (packet, process, system, and user) of networked computers to determine correlation among the observed anomalous patterns, reporting such abnormal behavior to the network administrator and/or possibly taking some action to counter a suspected security violation. The paper focuses on the design aspects of such an intrusion detection system by integrating different artificial intelligence techniques and a mobile agent architecture. Specifically, IBM’s Aglets Software Development Kit (ASDK) is used as the base agent architecture, along with Adaptive Resonance Theory (ART-2) neural networks for network pattern classification, and a fuzzy logic controller for decision/action resolution. The feasibility and implementation of the mobile security agent system is demonstrated and some preliminary results are reported.