Collaborative Intrusion Detection System (CIDS): A Framework for Accurate and Efficient IDS
نویسندگان
چکیده
In this paper, we present the design and implementation of a Collaborative Intrusion Detection System (CIDS) for accurate and efficient intrusion detection in a distributed system. CIDS employs multiple specialized detectors at the different layers – network, kernel and application – and a manager based framework for aggregating the alarms from the different detectors to provide a combined alarm for an intrusion. The premise is that a carefully designed and configured CIDS can increase the accuracy of detection compared to individual detectors, without a substantial degradation in performance. In order to validate the premise, we present the design and implementation of a CIDS which employs Snort, Libsafe, and a new kernel level IDS called Sysmon. The manager has a graph-based and a Bayesian network based aggregation method for combining the alarms to finally come up with a decision about the intrusion. The system is evaluated using a web-based electronic store front application and under three different classes of attacks – buffer overflow, flooding and script-based attacks. The results show performance degradations compared to no detection of 3.9% and 6.3% under normal workload and a buffer overflow attack respectively. The experiments to evaluate the accuracy of the system show that the normal workload generates false alarms for Snort and the elementary detectors produce missed alarms. CIDS does not flag the false alarm and reduces the incidence of missed alarms to 1 of the 7 cases. CIDS can also be used to measure the propagation time of an intrusion which is useful in choosing an appropriate response strategy.
منابع مشابه
Collaborative Intrusion Detection System (CIDS): A Framework for Accurate and Efficient IDS
In this paper, we present the design and implementation of a Collaborative Intrusion Detection System (CIDS) for accurate and efficient intrusion detection in a distributed system. CIDS employs multiple specialized detectors at the different layers – network, kernel and application – and a manager based framework for aggregating the alarms from the different detectors to provide a combined alar...
متن کاملCollaborative Intrusion Detection Framework: Characteristics, Adversarial Opportunities and Countermeasures
Complex Internet attacks may come from multiple sources, and target multiple networks and technologies. Nevertheless, Collaborative Intrusion Detection Systems (CIDS) emerges as a promising solution by using information frommultiple sources to gain a better understanding of objective and impact of complex Internet attacks. CIDS also help to cope with classical problems of Intrusion Detection Sy...
متن کاملCollaborative IDS Framework for Cloud
Cloud computing is used extensively to deliver utility computing over the Internet. Defending network accessible Cloud resources and services from various threats and attacks is of great concern. Intrusion Detection System (IDS) has become popular as an important network security technology to detect cyber-attacks. In this paper, we propose a novel Collaborative IDS (CIDS) Framework for cloud. ...
متن کاملEvaluation of an Intrusion Detection System for Routing Attacks in Wireless Self-organised Networks
Wireless Sensor Networks (WSNs) arebecoming increasingly popular, and very useful in militaryapplications and environmental monitoring. However,security is a major challenge for WSNs because they areusually setup in unprotected environments. Our goal in thisstudy is to simulate an Intrusion Detection System (IDS)that monitors the WSN and report intrusions accurately andeffectively. We have thus...
متن کاملIntrusion Detection based on a Novel Hybrid Learning Approach
Information security and Intrusion Detection System (IDS) plays a critical role in the Internet. IDS is an essential tool for detecting different kinds of attacks in a network and maintaining data integrity, confidentiality and system availability against possible threats. In this paper, a hybrid approach towards achieving high performance is proposed. In fact, the important goal of this paper ...
متن کامل