P2P distributed intrusion detections by using mobile agents

Traditional hierarchical intrusion detection systems have a central manager which attracts hackers to attack and might overload when there are too many client requests. To overcome these drawbacks, some researchers suggested to apply Peer-to-Peer approaches in intrusion detection. Most current Peer-to-Peer intrusion detection systems only allow hosts to collect related information from "neighbours" (one hop hosts). The limitation of information sources may lead a system to make inaccurate decisions. In this paper, we propose a Mobile Agent Based Peer-to-Peer Distributed Intrusion Detection Framework. Agents are included in this framework to achieve intrusion detections. In addition, a mobile agent migration strategy is applied in the framework to allow agents not only to collect information from direct-linked "neighbours" but also other hosts in the network. Benefitted from agent and Peer-to-Peer techniques, our framework can decrease the overhead of each host in the network, reduce the security risk, and achieve more accurate detections.