Collaborative architecture for distributed intrusion detection system

Safaa Zaman, F. Karray
2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, pp. 1-7. Published 2009-07-08. DOI: 10.1109/CISDA.2009.5356567
Citations: 16

Abstract

Due to the rapid growth of network technologies and substantial improvement in attack tools and techniques, a distributed Intrusion Detection System (dIDS) is required to allocate multiple IDSs across a network to monitor security events and to collect data. However, dIDS architectures suffer from many limitations such as the lack of a central analyzer and a heavy network load. In this paper, we propose a new architecture for dIDS, called a Collaborative architecture for dIDS (C-dIDS), to overcome these limitations. The C-dIDS contains a one-level hierarchy dIDS with a non-central analyzer. To make the detection decision for a specific IDS module in the system, this IDS module needs to collaborate with the IDS in the lower level of the hierarchy. Cooperating with the lower-level IDS module improves the system accuracy with less network load (just one bit of information). Moreover, by using one hierarchy level, there is no central management and processing of data, so there is no chance for a single point of failure. We have examined the feasibility of our dIDS architecture by conducting several experiments using the DARPA dataset. The experimental results indicate that the proposed architecture can deliver satisfactory system performance with less network load.
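The collaborative decision described in the abstract, as an added example that is not code from the paper: a toy Python simulation in which the upper-level IDS decides alone when its own anomaly score is clearly high or clearly low, and otherwise takes the lower-level module's one-bit verdict, so the wire cost of a collaborative decision is exactly one bit. The combination rule (an uncertain band between two thresholds), the thresholds, the 41-feature record of 32-bit values used to cost the centralized alternative, the offline fallback, and the eight sample events are all assumptions made for illustration; the abstract does not specify the paper's decision rule.

```python
"""Toy simulation of a one-level collaborative dIDS decision (added example).

Two IDS modules watch the same traffic. The upper-level module decides
locally when its own anomaly score is clearly high or clearly low; in the
uncertain band it asks the lower-level module for its verdict, which costs
exactly one bit on the wire. The alternative, forwarding the lower module's
full feature record to a central analyzer, is counted for comparison.
The combination rule, thresholds, record size and sample events are
assumptions for illustration, not taken from the paper.
"""
from dataclasses import dataclass
from typing import List, Optional

# Assumption: a 41-feature record of 32-bit values (the KDD'99 flattening of
# the DARPA traces) is what a central analyzer would receive per event.
FEATURE_RECORD_BITS = 41 * 32


@dataclass
class Event:
    """One event seen by both modules. Scores are constructed sample data."""
    eid: int
    lower_score: float   # anomaly score of the lower-level IDS (e.g. host sensor)
    upper_score: float   # anomaly score of the upper-level IDS (e.g. network sensor)
    malicious: bool      # ground truth, used only to score the simulation


class Link:
    """Counts the bits that cross the network between IDS modules."""
    def __init__(self) -> None:
        self.bits = 0

    def send(self, nbits: int) -> None:
        self.bits += nbits


class LowerIDS:
    """Lower-level module: answers a query with a single bit (1 = attack)."""
    def __init__(self, threshold: float, link: Link, online: bool = True) -> None:
        self.threshold = threshold
        self.link = link
        self.online = online

    def verdict_bit(self, event: Event) -> Optional[int]:
        if not self.online:           # peer unreachable: no bit, caller falls back
            return None
        self.link.send(1)             # the whole reply is one bit
        return 1 if event.lower_score >= self.threshold else 0


class UpperIDS:
    """Upper-level module: decides alone outside [low, high), collaborates inside."""
    def __init__(self, low: float, high: float, lower: LowerIDS) -> None:
        self.low, self.high = low, high
        self.lower = lower

    def decide_alone(self, event: Event) -> bool:
        # Single-threshold decision at the midpoint of the uncertain band.
        return event.upper_score >= (self.low + self.high) / 2

    def decide(self, event: Event) -> bool:
        s = event.upper_score
        if s >= self.high:
            return True
        if s < self.low:
            return False
        bit = self.lower.verdict_bit(event)
        if bit is None:               # no single point of failure: degrade to local verdict
            return self.decide_alone(event)
        return bit == 1


def accuracy(verdicts: List[bool], events: List[Event]) -> float:
    hits = sum(v == e.malicious for v, e in zip(verdicts, events))
    return hits / len(events)


def run(events: List[Event], lower_online: bool = True) -> dict:
    """Accuracy and network cost of the collaborative scheme next to the two
    alternatives: the upper module deciding alone, and shipping every
    lower-level record to a central analyzer."""
    link = Link()
    lower = LowerIDS(threshold=0.5, link=link, online=lower_online)
    upper = UpperIDS(low=0.3, high=0.7, lower=lower)
    alone = [upper.decide_alone(e) for e in events]
    collab = [upper.decide(e) for e in events]
    return {
        "alone_accuracy": accuracy(alone, events),
        "collab_accuracy": accuracy(collab, events),
        "collab_bits": link.bits,
        "central_bits": len(events) * FEATURE_RECORD_BITS,
    }


# Constructed sample events: (lower score, upper score, ground truth).
SAMPLE_EVENTS = [
    Event(1, 0.9, 0.80, True),    # both confident: upper decides alone
    Event(2, 0.1, 0.10, False),   # both quiet: upper decides alone
    Event(3, 0.8, 0.50, True),    # upper unsure, lower says attack
    Event(4, 0.2, 0.60, False),   # upper unsure, lower clears it (avoids a false alarm)
    Event(5, 0.7, 0.40, True),    # upper unsure, lower catches it (avoids a miss)
    Event(6, 0.3, 0.35, False),   # upper unsure, lower clears it
    Event(7, 0.6, 0.20, True),    # upper confident and wrong: lower is never asked
    Event(8, 0.4, 0.90, False),   # upper confident and wrong: lower is never asked
]

if __name__ == "__main__":
    print(run(SAMPLE_EVENTS))
    print(run(SAMPLE_EVENTS, lower_online=False))
```

On the constructed events the upper module alone scores 4 of 8; with the lower module's bit it scores 6 of 8 while sending 4 bits in total, against 8 x 1312 bits if every lower-level record were forwarded to a central analyzer. Two properties of the design show up directly: collaboration only helps inside the uncertain band (events 7 and 8 are never referred), and when the peer is offline the upper module degrades to its own verdict rather than stalling. A one-bit reply also carries no evidence, so the querying module cannot tell a mistaken peer from a compromised one; in a deployment the link between modules needs authentication, which this toy omits.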