As the capabilities of intrusion detection systems (IDSs) advance, attackers may disable organizations' IDSs before attempting to penetrate more valuable targets. To counter this threat, we present an IDS architecture that is resistant to denial-of-service (DOS) attacks. The architecture frustrates attackers by making IDS components invisible to attackers' normal means of "seeing" in a network. Upon a successful attack, the architecture allows IDS components to relocate from attacked hosts to operational hosts, thereby mitigating the attack. These capabilities are obtained by using mobile agent technology, utilizing network topology features, and by restricting the communication allowed between different types of IDS components. (C) 2000 Elsevier Science B.V. All rights reserved.
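The two mechanisms named in the abstract that can be shown in code are the restricted communication between component types and the relocation of components off an attacked host. The following toy model is an added example written for this page, not code from the paper or its authors. The component types (sensor, analyzer, monitor), the allowed-communication matrix, the host names and the "fewest components wins" placement rule are all assumptions made here for illustration; the abstract does not specify them.

```python
"""Toy model of a DOS-resistant IDS: typed components, a communication policy,
and relocation of components away from an attacked host.

Added example, not the paper's code. Component types, the policy matrix and
the placement rule are hypothetical; hosts and component names are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Hypothetical policy: which component types may send to which. Sensors report
# only to analyzers, analyzers only to monitors, monitors only steer analyzers.
# Nothing may address a sensor directly, which limits what a compromised
# component can reach and what an attacker can learn by watching traffic.
ALLOWED: dict[str, set[str]] = {
    "sensor": {"analyzer"},
    "analyzer": {"monitor"},
    "monitor": {"analyzer"},
}


@dataclass
class Component:
    name: str
    kind: str   # one of the keys of ALLOWED
    host: str   # host the component currently runs on


@dataclass
class Network:
    hosts: dict[str, bool]                         # host -> still operational?
    components: dict[str, Component] = field(default_factory=dict)
    audit: list[str] = field(default_factory=list)  # decisions, for review

    def deploy(self, comp: Component) -> None:
        if not self.hosts.get(comp.host, False):
            raise ValueError(f"cannot deploy {comp.name}: {comp.host} is not operational")
        self.components[comp.name] = comp

    def send(self, src: str, dst: str) -> bool:
        """Deliver a message only if the policy allows src's type to talk to dst's type
        and dst's host is still up. Returns True on delivery, False otherwise."""
        s, d = self.components[src], self.components[dst]
        if d.kind not in ALLOWED[s.kind]:
            self.audit.append(f"DENY  {src}({s.kind}) -> {dst}({d.kind}): policy")
            return False
        if not self.hosts[d.host]:
            self.audit.append(f"DENY  {src} -> {dst}: host {d.host} down")
            return False
        self.audit.append(f"ALLOW {src}({s.kind}) -> {dst}({d.kind}) on {d.host}")
        return True

    def _pick_host(self) -> str:
        """Choose the operational host currently running the fewest components."""
        up = [h for h, ok in self.hosts.items() if ok]
        if not up:
            raise RuntimeError("no operational host left to relocate to")
        return min(up, key=lambda h: sum(1 for c in self.components.values() if c.host == h))

    def mark_attacked(self, host: str) -> list[str]:
        """Take `host` out of service and move every component it ran to an
        operational host. Returns the names of the relocated components."""
        self.hosts[host] = False
        moved = []
        for comp in self.components.values():
            if comp.host == host:
                target = self._pick_host()
                self.audit.append(f"MOVE  {comp.name} {host} -> {target}")
                comp.host = target
                moved.append(comp.name)
        return moved


def build_demo() -> Network:
    """Constructed sample deployment: three hosts, one component of each type."""
    net = Network(hosts={"hostA": True, "hostB": True, "hostC": True})
    net.deploy(Component("s1", "sensor", "hostA"))
    net.deploy(Component("a1", "analyzer", "hostB"))
    net.deploy(Component("m1", "monitor", "hostC"))
    return net


if __name__ == "__main__":
    net = build_demo()
    net.send("s1", "a1")          # allowed: sensor -> analyzer
    net.send("s1", "m1")          # denied by policy: sensor -> monitor
    net.mark_attacked("hostB")    # analyzer relocates, sensor can report again
    net.send("s1", "a1")
    print("\n".join(net.audit))
```

The audit list is the part a defender would actually keep: a policy denial between two IDS components is itself a signal that something is addressing components it should not know about.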