Authors : Farah Barika Ktata, Nabil El Kadhi and Khaled Ghedira
Abstract: The aim of this study is to present the performance of an agent approach for intelligent and distributed intrusion detection system based on a new anomaly detection. The performance is investigated in terms of detection delay, false alarm rate and detection rate by comparing the presented two versions MAFIDS_v1 (Mobile Agents for Intrusion Detection System) and MAFIDS_v2, respectively based on a basic statistical anomaly detection algorithm (an adaptive threshold algorithm) and a modified adaptive threshold algorithm. This novel framework incorporates parameters issued from the investigation of 2 notions: morphology and artificial emotion. The underlying idea is to describe state of agent organization by various measurements made at the agent level. A particular emphasis is on the incorporation of these measurements to the anomaly detection algorithm for detecting SYN flooding, the most common type of Denial of Service (DOS) attack and improve its performance over uctuations of real TCP traffic especially when the major shortcomings of anomaly detection are: a longer detection and higher false alarm rate.
Farah Barika Ktata, Nabil El Kadhi and Khaled Ghedira, 2011. Mobile Agents for Intrusion Detection System Based on A New Anomaly Approach. Journal of Engineering and Applied Sciences, 6: 79-90.