DIDS (Distributed Intrusion Detection System) − Motivation, Architecture, and An Early Prototype
نویسندگان
چکیده
Intrusion detection is the problem of identifying unauthorized use, misuse, and abuse of computer systems by both system insiders and external penetrators. The proliferation of heterogeneous computer networks provides additional implications for the intrusion detection problem. Namely, the increased connectivity of computer systems gives greater access to outsiders, and makes it easier for intruders to avoid detection. IDS’s are based on the belief that an intruder’s behavior will be noticeably different from that of a legitimate user. We are designing and implementing a prototype Distributed Intrusion Detection System (DIDS) that combines distributed monitoring and data reduction (through individual host and LAN monitors) with centralized data analysis (through the DIDS director) to monitor a heterogeneous network of computers. This approach is unique among current IDS’s. A main problem considered in this paper is the Network-user Identification problem, which is concerned with tracking a user moving across the network, possibly with a new user-id on each computer. Initial system prototypes have provided quite favorable results on this problem and the detection of attacks on a network. This paper provides an overview of the motivation behind DIDS, the system architecture and capabilities, and a discussion of the early prototype.
منابع مشابه
SHOMAR: An Open Architecture for Distributed Intrusion Detection Services
Distributed Intrusion Detection Systems (DIDS) offer an alternative to centralized intrusion detection. Current research indicates that a distributed intrusion detection paradigm may afford greater coverage, consequently providing an increase in security. In some cases, DIDS offer an alternative to centralized analysis, consequently improving scalabity. SHOMAR, the distributed architecture pres...
متن کاملProposing A Distributed Model For Intrusion Detection In Mobile Ad-Hoc Network Using Neural Fuzzy Interface
Security term in mobile ad hoc networks has several aspects because of the special specification of these networks. In this paper a distributed architecture was proposed in which each node performed intrusion detection based on its own and its neighbors’ data. Fuzzy-neural interface was used that is the composition of learning ability of neural network and fuzzy Ratiocination of fuzzy system as...
متن کاملProposing A Distributed Model For Intrusion Detection In Mobile Ad-Hoc Network Using Neural Fuzzy Interface
Security term in mobile ad hoc networks has several aspects because of the special specification of these networks. In this paper a distributed architecture was proposed in which each node performed intrusion detection based on its own and its neighbors’ data. Fuzzy-neural interface was used that is the composition of learning ability of neural network and fuzzy Ratiocination of fuzzy system as...
متن کاملTowards an Integrated Intrusion Detection Monitoring in High Speed Networks
Problem statement: Security Management has become a critical aspect for large scale distributed systems. Particularly, recent Distributed Intrusion Detection Systems (DIDS) schemes in High Speed Networks (HSN) have raised new serious management problems and challenges. Increasing the effectiveness of IDS monitoring is primordial to satisfy the restrictive constraints in such large multi-domains...
متن کامل