This report is an initial foray into the relatively unexplored terrain of using Mobile Agents (MAs) for Intrusion Detection Systems (IDSs). It is a research guide that helps identify the most promising areas of mobile agent IDS research. After providing some background information, we enumerate the problems found in current IDSs and propose potential solutions offered by MAs. The report suggests innovative ways to apply agent mobility to address shortcomings of current IDS designs and implementations. It then discusses performance advantages and disadvantages that occur when using MAs for IDSs. The practical discussion of performance leads into proposals for several new intrusion detection paradigms enabled by MAs. While the report focuses mostly on the benefits derived from mobility, it also takes into consideration the features gained from agent technology, such as autonomous components, which offer significant benefits. It explores these benefits in some detail and proposes specific research topics in both the intrusion detection and intrusion response areas.
NIST Interim Report (IR) - 6416