ISBN-13: 9783846536957 / English / Paperback / 72 pp.
Signature-based detection is the most widely used technique in Intrusion Detection Systems (IDS). One of the major challenges for a signature-based IDS is keeping up with a large volume of incoming traffic when each packet needs to be compared with every signature in the database. When an IDS cannot keep up with a traffic flood, all it can do is drop packets, and it may therefore miss potential attacks. In this thesis, a new model is proposed to avoid traffic flooding. The proposed model is called dynamic multi-layer signature-based IDS using mobile agents. It has the capability to detect imminent threats with a very high success rate by automatically creating and using multiple small, efficient signature databases at different layers, with each layer comprising few signatures. At the same time, it provides mechanisms to update the small signature databases with newly created signatures at some intervals of time. Mobile agents are used in this approach to update the small signature databases.