
Information gathering with mobile agents for an intrusion detection system

✍ Scribed by Midori Asaka


Publisher: John Wiley and Sons
Year: 1999
Language: English
File size: 330 KB
Volume: 30
Category: Article
ISSN: 0882-1666


✦ Synopsis


Many network intrusion detection systems detect intrusions by concentrating all logs of target systems in a server and having the server subsequently analyze these logs. At the Information-technology Promotion Agency (IPA), we have been developing an alternate type of network intrusion detection system called IDA (Intrusion Detection Agent system), which detects intrusions with mobile agents that act by gathering information related to intrusions from target systems on a network. The mobile agents autonomously trace the origin of the break-in without the intrusion-detection server's control and also gather information from target systems. Consequently, network traffic between the target systems and the server is reduced. This paper describes how the mobile agents migrate from machine to machine within a network and details how they trace intrusions and gather and exchange information efficiently.