AWide Area Log Analyzing System Based on Mobile Agents

The Internet is being widely used these days and many users are required to manage their network environments, because damages caused by worms, which spread using security holes of software, are also increasing rapidly. One of the effective means of detecting the damages caused by the worms in early stage is to analyze the network communication logs stored in computers that are spread over a wide area. However, almost all network administrators are not able to install many observation points, though a large number of observation points over a wide area of a network are needed to grasp symptoms of attacks precisely. In this paper, we propose an agent based log analyzing system by integrating the concepts of P2P network and mobile agents to realize detection and protection from the damages which may be caused by the worms in early stage. We also show results of experiments using our prototype system. The results show that our system can collect useful information from a wide area of a network, and provide means of flexible and on-demand analysis of network traffic logs to detect hostile attacks on the network.