Simulation of network security with collaboration among IDS models

Abstract

IDS (Intrusion Detection System) plays a vital role in network security in that it monitors system activities to identity unauthorized use, misuse or abuse of computer and network system. For the simulation of IDS a model has been constructed based on the DEVS (Discrete EVent system Specification) formalism. With this model we can simulate whether the intrusion detection, which is a core function of IDS, is effectively done under various different conditions. As intrusions become more sophisticated, it is beyond the scope of any one IDS to deal with them. Thus we placed multiple IDS agents in the network where the information helpful for detecting the intrusions is shared among these agents to cope effectively with attackers. Each agent cooperates through the BBA (Black Board Architecture) for detecting intrusions. If an agent detects intrusions, it transfers attacker’s information to a Firewall. Using this mechanism attacker’s packets detected by IDS can be prevented from damaging the network.