An efficient architecture for distributed intrusion detection system

Due to the increasing number of network attacks, it is crucial to equip networks with an intrusion detection system (IDS). Such systems must be able to cope with today's high-speed, large-scale networks. In this paper we propose a distributed IDS that performs both data capture and data analysis in a distributed fashion. This distributed mechanism enables our system to operate effectively in large-scale, high-traffic networks. We developed a grouping mechanism that divides the computers in the network into subsets, each with a leader and a few members. Using a data sharing mechanism between these groups, we were then able to detect distributed attacks. The data sharing mechanism adds some overhead to the network traffic, but it is negligible compared to the overall traffic volume. We simulated our method in the NS2 simulation environment and compared the proposed system with a centralized IDS in terms of detection rate, memory usage and packet loss rate. The results showed that our system performed better despite the extra load imposed by distributing the data processing.
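The abstract describes the architecture only at a high level, so the following is an added toy model written for this page, not code from the paper or its NS2 simulation. It assumes a concrete shape for the idea: each member host keeps a local summary of which (host, port) pairs every source IP touched, sends that summary to its group leader, and leaders exchange their merged views with each other. The flow records, group layout, JSON summary format and the three thresholds are all constructed assumptions. The point it shows is the one the abstract makes: a horizontal scan that touches each host only once is invisible to every single host, but becomes visible at the leader once summaries are merged, while the bytes spent sharing summaries stay small compared with the traffic being monitored.

```python
"""Toy model of a leader/member distributed IDS (added illustration,
not the paper's code). Flow data, thresholds and message format are
constructed assumptions, not values taken from the paper."""
import json
from collections import defaultdict

# Constructed topology: two groups, each with a leader and members.
GROUPS = {
    "g1": {"leader": "h1", "members": ["h1", "h2", "h3"]},
    "g2": {"leader": "h4", "members": ["h4", "h5", "h6"]},
}

# Constructed flow records as each host captures them locally:
# (observing host, source IP, destination port, bytes)
FLOWS = [
    # Ordinary client traffic
    ("h1", "10.0.0.5", 443, 15000), ("h2", "10.0.0.5", 443, 22000),
    ("h3", "10.0.0.7", 443, 12000), ("h6", "10.0.0.7", 443, 18000),
    ("h4", "10.0.0.6", 80, 9000),   ("h5", "10.0.0.6", 80, 31000),
    # Vertical port scan against one host: visible locally on h2
    ("h2", "10.0.0.8", 21, 40), ("h2", "10.0.0.8", 22, 40),
    ("h2", "10.0.0.8", 23, 40), ("h2", "10.0.0.8", 25, 40),
    # Horizontal scan: one probe per host, invisible to any single host
    ("h1", "10.0.0.9", 22, 60), ("h2", "10.0.0.9", 22, 60),
    ("h3", "10.0.0.9", 22, 60), ("h4", "10.0.0.9", 22, 60),
    ("h5", "10.0.0.9", 22, 60), ("h6", "10.0.0.9", 22, 60),
]

LOCAL_PORT_THRESHOLD = 3   # distinct ports from one source on one host
GROUP_HOST_THRESHOLD = 3   # distinct hosts touched within one group
GLOBAL_HOST_THRESHOLD = 5  # distinct hosts touched across all groups


def local_summary(host, flows):
    """Member step: record per-source (host, port) pairs seen on this
    host only, and raise a local alert for a vertical scan."""
    touched = defaultdict(set)
    for obs_host, src, port, _ in flows:
        if obs_host == host:
            touched[src].add((host, port))
    alerts = [src for src, pairs in touched.items()
              if len({p for _, p in pairs}) >= LOCAL_PORT_THRESHOLD]
    return {src: sorted(pairs) for src, pairs in touched.items()}, alerts


def merge(summaries):
    """Leader step: union the per-source touched sets of several summaries."""
    merged = defaultdict(set)
    for summary in summaries:
        for src, pairs in summary.items():
            merged[src].update(tuple(p) for p in pairs)
    return merged


def hosts_over(merged, threshold):
    """Sources that touched at least `threshold` distinct hosts."""
    return sorted(src for src, pairs in merged.items()
                  if len({h for h, _ in pairs}) >= threshold)


def encoded_size(summary):
    """Bytes needed to ship one summary (JSON encoding is an assumption)."""
    return len(json.dumps(summary).encode())


def run(flows=FLOWS, groups=GROUPS):
    local_alerts, group_alerts, shared_bytes, leader_views = {}, {}, 0, {}
    for gname, g in groups.items():
        summaries = []
        for member in g["members"]:
            summary, alerts = local_summary(member, flows)
            if alerts:
                local_alerts[member] = alerts
            summaries.append(summary)
            if member != g["leader"]:      # the leader sends nothing to itself
                shared_bytes += encoded_size(summary)
        view = merge(summaries)
        leader_views[gname] = view
        hits = hosts_over(view, GROUP_HOST_THRESHOLD)
        if hits:
            group_alerts[gname] = hits
    # Leaders exchange their merged views with every other leader.
    leader_msgs = [{s: sorted(p) for s, p in v.items()} for v in leader_views.values()]
    shared_bytes += sum(encoded_size(m) for m in leader_msgs) * (len(groups) - 1)
    global_alerts = hosts_over(merge(leader_msgs), GLOBAL_HOST_THRESHOLD)
    total_bytes = sum(b for *_, b in flows)
    return {
        "local_alerts": local_alerts,        # only the vertical scan on h2
        "group_alerts": group_alerts,        # horizontal scan seen by each leader
        "global_alerts": global_alerts,      # horizontal scan confirmed network-wide
        "overhead_ratio": shared_bytes / total_bytes,
    }


if __name__ == "__main__":
    print(json.dumps(run(), indent=2))
```

Running it shows 10.0.0.8 flagged only locally on h2, and 10.0.0.9 flagged by neither member but by both leaders and again after the leader exchange; the summaries shipped amount to well under one percent of the monitored bytes in this constructed data, which is the kind of figure the abstract's "negligible overhead" claim refers to. The thresholds and message sizes here are assumptions and would need tuning against real traffic.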
