Early Warning Intrusion Detection System

Early Warning Intrusion Detection System (EWIS) is a distributed global scoped Internet threat monitoring system with the potential of detecting large scale malicious events as early as possible. The system’s architecture includes a network of distributed low-interaction sensors and a central server [1]. The sensors are small computing platforms [2] that by design are easy to deploy in a distributed fashion to a large number of partner organizations. They are preconfigured to be robust and secure and thus integrate non-intrusively to a network infrastructure. Each sensor collects network activity flows of potentially malicious intent from dark Internet address spaces and then relays this information to the central server for logging and further analysis. The system follows the design of a Network Telescope [3] which similarly to a visual telescope, its resolution is relative to its size. As the number of deployed sensors grows, so does its resolution. EWIS’s resolution is further enhanced by deploying sensors to willing partner organizations.