Signature-based multi-layer distributed intrusion detection system using mobile agents

Mueen Uddin, Azizah Abdul Rehman, Naeem Uddin, Jamshed Memon, Raed Alsaqour, Suhail Kazi

Research output: Contribution to journal › Article

18 Citations (Scopus)

Abstract

The Internet and computer networks are exposed to an increasing number of security threats. With new types of attacks appearing continually, developing flexible and adaptive security-oriented approaches is a severe challenge. Intrusion detection systems (IDSs) are systems that try to detect attacks as they occur or after the attacks have taken place. IDSs collect network traffic information from some point on the network or computer system and then use this information to secure the network. In this context, signature-based network intrusion detection techniques are a valuable technology to protect target systems and networks against malicious activities. Signature-based detection is the most extensively used threat detection technique for IDSs. One of the foremost challenges for signature-based IDSs is how to keep up with the large volume of incoming traffic when each packet needs to be compared with every signature in the database. When an IDS cannot keep up with the traffic flood, all it can do is drop packets, and it may therefore miss potential attacks. This paper proposes a new model called Signature-based Multi-Layer IDS using mobile agents, which can detect imminent threats with an extremely high success rate by dynamically and automatically creating and using multiple small and efficient databases, and at the same time provides a mechanism to update these small signature databases at regular intervals using mobile agents.

Original language: English
Pages (from-to): 97-105
Number of pages: 9
Journal: International Journal of Network Security
Volume: 15
Issue number: 2
Publication status: Published - Mar 2013

Fingerprint

  • Mobile agents
  • Intrusion detection
  • Computer systems
  • Information use
  • Computer networks
  • Internet

Keywords

  • Anomaly-based IDS
  • Intrusion detection systems
  • Mobile agent
  • Signature-based IDS
  • Snort

ASJC Scopus subject areas

  • Computer Networks and Communications

Cite this

Uddin, M., Rehman, A. A., Uddin, N., Memon, J., Alsaqour, R., & Kazi, S. (2013). Signature-based multi-layer distributed intrusion detection system using mobile agents. International Journal of Network Security, 15(2), 97-105.

@article{1c3e7dd923874e6397e4a85338603cd3,
title = "Signature-based multi-layer distributed intrusion detection system using mobile agents",
keywords = "Anomaly-based IDS, Intrusion detection systems, Mobile agent, Signature-based IDS, Snort",
author = "Mueen Uddin and Rehman, {Azizah Abdul} and Naeem Uddin and Jamshed Memon and Raed Alsaqour and Suhail Kazi",
year = "2013",
month = "3",
language = "English",
volume = "15",
pages = "97--105",
journal = "International Journal of Network Security",
issn = "1816-353X",
publisher = "National Chung Hsing University",
number = "2",

}
