IDReAM

Abstract

This paper deals with a new approach to build a completely distributed and decentralized Intrusion Detection and Response System (IDRS) in computer networks. This approach is called Intrusion Detection and Response executed with Agent Mobility or IDReAM for short. Conceptually, IDReAM combines Mobile Agents (MAs) with self-organizing paradigms inspired by natural life systems. The Intrusion Detection System (IDS) borrows mechanisms from the immune system that protect the human body against external aggressions. The Intrusion Response System (IRS) borrows mechanisms from the stigmergic paradigm of a colony of ants. The two natural systems exhibit a social life by the organization of their entities (immune cells and ants) which is not possible without the functionality of mobility. Thus, in a natural way, MAs are good candidates to provide this property of mobility. After having presented IDReAM's conceptual model in a previous paper, the present paper concretely describes IDReAM's architecture and the corresponding implementation based on the conceptual model. The implementation is carried out with J-Seal2, a pure Java MA platform. This paper also provides IDReAM's assessment in term of resource consumption and intrusion detection and intrusion response efficiency.