Intrusion Detection Based on Active Networks

Abstract

The network security is getting more important due to the wide-spread computer viruses and increasing network attacks. Nowadays, more and more security mechanisms, such as firewalls and intrusion detection systems (IDS), are introduced to protect the network from malicious attacks. This paper proposes an agent and service based intrusion detection and response system for active network. In contrast to a traditional passive network, an active network gives the nodes programmable ability to exercise various active network technologies. The intrusion response, service deployment, and service update mechanisms are centered on this technology. The proposed model of intrusion detection and response system (IDRS) catches network attacks and responses to stop the attacks at the first time to reduce the damage. Detecting, reporting, and responding capabilities are all embedded and integrated in the proposed system. A prototype system is developed using a novel data mining technology (the support vector machine) to enhance the detection function. In addition, several experiments were conducted to verify the system and results showed that the system was able to effectively identify the intrusions and respond promptly. Experiments also showed that the support vector machine outperforms the competitive neural networks in identifying the intrusions.