An inside attacker proof intrusion dectection system

초록

Recently, an intrusion dection system which named CONFIDANT was proposed, which utilized file integrity analyzers and mobile agent for intrusion dection and aimed to dection of malicious activity by insiders. But CONFIDANT has vulnerabilities in security aspect, the sensor agents in the lowest echelon are easily compromised by malicious platforms. Therefore, we integrate a security mechanism which named clone agent protocol into CONFIDANT. We improved the structure of CONFIDANT to protect those agents and strengthen its security, make sure them finish their computation and detect malicious hosts even though there are a few malicious platforms.