Agent Verification Protocol in Agent-based IDS

Agent-based IDS is a powerful technique used by network administrator to monitor traffic activities in their network. However, the widespread network coverage has introduced a possibility of a hacker installing unauthorized agents or fake agents secretly within the network. This is considered as a very serious threat to the network security. This paper proposes a protocol that is used to detect the presence of a fake agent upon its installation. The technique is a combination of Elgamal encryption, Elgamal digital signature, and SHA-1 message digest function. A simple implementation was developed to test the proposed protocol.