Information systems are increasingly open to the Internet today. This openness, a priori beneficial, nevertheless raises a major problem: it results in an increasing number of attacks. The IDS was developed with the aim of detecting abnormal functioning of information systems and networks, which indicates that one or several users are carrying out actions that do not comply with the security policy. Centralized IDS suffer from significant limitations when used in high-speed networks, especially when they face distributed attacks. In this paper we propose a distributed hybrid approach based on mobile agents for intrusion detection: HAMA-IDS (Hybrid Approach based on Mobile Agents for Intrusion Detection System). The proposed approach uses the Aglets platform for the creation and distribution of four types of mobile agents. The Collector agent is used for gathering information, while the Analyzer and Redirector agents are responsible for the analysis (scenario and behavioral analysis). The Generator agent is responsible for launching these agents and for managing the messages received from them.