Implementation of Intrusion Recognition System in Distributed Systems
Modern networks routinely drop packets when the load temporarily exceeds their buffering capacities. It is quite challenging to attribute a missing packet to a malevolent action because normal network congestion can produce the same effect. One of the primary challenges in intrusion recognition is modeling typical application behavior, so that attacks can be recognized by their atypical effects without raising too many false alarms. An IDS implemented using mobile agents is one of the new paradigms for intrusion recognition. This paper proposes an effective intrusion identification system in which each local agent collects data from its own system and classifies anomalous behavior using an SVM classifier. Each local agent is capable of removing the host system from the network on successful recognition of an attack.