A Robust and Fault-Tolerant Intrusion Detection System (original) (raw)
Related papers
Autonomous Agent Based Distributed Fault-Tolerant Intrusion Detection System
Proceedings of the 2nd International Conference on Distributed Computing and Internet Technology (ICDCIT ’05), December 22-24, 2005, Bhubaneswar, India. Springer-Verlag, Germany, LNCS 3186, pp. 125-131. Editor: Gautam Chakraborty, 2005
Because all vulnerabilities of a network cannot be realized, and penetration of the system cannot always be prevented, intrusion detection systems have become necessary to ensure the security of a network. The intrusion detection systems need to be accurate, adaptive, and extensible. Given these requirements and the complexities of today’s network environments, the design of an intrusion detection system has become a very challenging task. A great deal of research has been conducted on intrusion detection in a distributed environment to circumvent the problems of centralized approaches. However, distributed intrusion detection systems suffer from a number of drawbacks e.g., high rates of false positives, low efficiency etc. In this paper, we propose the architecture of a fully distributed intrusion detection system that uses a set of autonomous but cooperating agents. The system has also the capability of isolating compromised nodes from intrusion detection activity thereby ensuring fault-tolerance in computation.
A Robust and Fault-Tolerant Distributed Intrusion Detection System
Proceedings of the 1st International Conference on Parallel, Distributed and Grid Computing (PDGC 2010), pp. 123 – 128, October, 2010, Waknaghat, India., 2010
Since it is impossible to predict and identify all the vulnerabilities of a network, and penetration into a system by malicious intruders cannot always be prevented, intrusion detection systems (IDSs) are essential entities for ensuring the security of a networked system. To be effective in carrying out their functions, the IDSs need to be accurate, adaptive, and extensible. Given these stringent requirements and the high level of vulnerabilities of the current days’ networks, the design of an IDS has become a very challenging task. Although, an extensive research has been done on intrusion detection in a distributed environment, distributed IDSs suffer from a number of drawbacks e.g., high rates of false positives, low detection efficiency etc. In this paper, the design of a distributed IDS is proposed that consists of a group of autonomous and cooperating agents. In addition to its ability to detect attacks, the system is capable of identifying and isolating compromised nodes in the network thereby introducing fault-tolerance in its operations. The experiments conducted on the system have shown that it has high detection efficiency and low false positives compared to some of the currently existing systems.
Lecture Notes in Computer Science (LNCS), Vol 3186, 2005
Because all vulnerabilities of a network cannot be realized, and penetration of the system cannot always be prevented, intrusion detection systems have become necessary to ensure the security of a network. The intrusion detection systems need to be accurate, adaptive, and extensible. Given these requirements and the complexities of today's network environments, the design of an intrusion detection system has become a very challenging task. A great deal of research has been conducted on intrusion detection in a distributed environment to circumvent the problems of centralized approaches. However, distributed intrusion detection systems suffer from a number of drawbacks e.g., high rates of false positives, low efficiency etc. In this paper, we propose the architecture of a fully distributed intrusion detection system that uses a set of autonomous but cooperating agents. The system has also the capability of isolating compromised nodes from intrusion detection activity thereby ensuring fault-tolerance in computation.
An Architecture of a Distributed Intrusion Detection System Using Cooperating Agents
Proceedings of the International Conference on Computing and Informatics (ICOCI ’06), pp. 1-6. Computer and Security Track, June 6-8, 2006, Kuala Lumpur, Malaysia. Paper ID: 007, 2006
An Intrusion Detection System (IDS) is a security mechanism that is expected to monitor and detect intrusions into the computer systems in real time. The currently available intrusion detection systems have a number of problems that limit their configurability, scalability, and efficiency. There have been some propositions about distributed architectures based on multiple independent agents working collectively for intrusion detection. However, these distributed intrusion detection systems are not fully distributed as most of them centrally analyze data collected from distributed nodes resulting in a single point of failure. In this paper, we propose a distributed architecture with autonomous and cooperating agents without any central analysis component. The agents cooperate by using a hierarchical communication of interests and data, and the analysis of intrusion data is made by the agents at the lowest level of the hierarchy. This architecture provides significant advantages in design of an IDS in terms of scalability, flexibility, extensibility, fault tolerance, and resistance to compromise. We have developed a proof-of-concept prototype, and conducted experiments on the system. The results show the effectiveness of our system in detecting intrusive activities in any network of workstations.
A Distributed Intrusion Detection System Using Cooperating Agents
Proceedings of the 3rd International Conference on Information Processing (ICIP’09), August 7 – 9, Bangalore, 2009, Editors: L.M. Patnaik and K.R. Venugopal, pp. 559 – 568. , 2009
The current intrusion detection systems have a number of problems that limit their configurability, scalability and efficiency. There have been some propositions about distributed architectures based on multiple independent agents working collectively for intrusion detection. However, these distributed intrusion detection systems are not fully distributed as most of them centrally analyze data collected from distributed nodes which may lead to a single point of failure. In this paper, a distributed intrusion detection architecture is presented that is based on autonomous and cooperating agents without any centralized analysis components. The agents cooperate by using a hierarchical communication of interests and data, and the analysis of intrusion data is made by the agents at the lowest level of the hierarchy. This architecture provides significant advantages in scalability, flexibility, extensibility, fault tolerance, and resistance to compromise. A proof-of-concept prototype is developed and experiments have been conducted on it. The results show the effectiveness of the system in detecting intrusive activities.
An adaptive distributed Intrusion detection system architecture using multi agents
International Journal of Electrical and Computer Engineering (IJECE), 2019
Intrusion detection systems are used for monitoring the network data, analyze them and find the intrusions if any. The major issues with these systems are the time taken for analysis, transfer of bulk data from one part of the network to another, high false positives and adaptability to the future threats. These issues are addressed here by devising a framework for intrusion detection. Here, various types of co-operating agents are distributed in the network for monitoring, analyzing, detecting and reporting. Analysis and detection agents are the mobile agents which are the primary detection modules for detecting intrusions. Their mobility eliminates the transfer of bulk data for processing. An algorithm named territory is proposed to avoid interference of one analysis agent with another one. A communication layout of the analysis and detection module with other modules is depicted. The inter-agent communication reduces the false positives significantly. It also facilitates the iden...
An Agent-Based Intrusion Detection System for Local Area Networks
International Journal of Communication Networks and Information Security (IJCNIS), Vol 2, No 2, pp. 128 – 140, August 2010, 2010
Since it is impossible to predict and identify all the vulnerabilities of a network beforehand, and penetration into a system by malicious intruders cannot always be prevented, intrusion detection systems (IDSs) are essential entities to ensure the security of a networked system. To be effective in carrying out their functions, the IDSs need to be accurate, adaptive, and extensible. Given these stringent requirements and the high level of vulnerabilities of the current days’ networks, the design of an IDS has become a very challenging task. Although, an extensive research has been done on intrusion detection in a distributed environment, distributed IDSs suffer from a number of drawbacks e.g., high rates of false positives, low detection efficiency etc. In this paper, the design of a distributed IDS is proposed that consists of a group of autonomous and cooperating agents. In addition to its ability to detect attacks, the system is capable of identifying and isolating compromised nodes in the network thereby introducing fault-tolerance in its operations. The experiments conducted on the system have shown that it has a high detection efficiency and low false positives compared to some of the currently existing systems.
Distributed and scalable intrusion detection system based on agents and intelligent techniques
2010
Abstract—The Internet explosion and the increase in crucial web applications such as ebanking and e-commerce, make essential the need for network security tools. One of such tools is an Intrusion detection system which can be classified based on detection approachs as being signature-based or anomaly-based. Even though intrusion detection systems are well defined, their cooperation with each other to detect attacks needs to be addressed.