Intrusion Detection Force: an infrastructure for Internet-scale intrusion detection

Intrusion detection systems (IDSs) are usually deployed within the confines of a single organization, and the IDS of one organization usually exchanges no information with those of other organizations. The effectiveness of IDSs at detecting present-day sophisticated attacks would increase significantly if there were inter-organizational communication and sharing of information among IDSs. We envision a global Internet-scale defense infrastructure, which we call the Intrusion Detection Force (IDF), that would protect individual organizations and defend the Internet as a whole. This paper provides a blueprint of the IDF: we discuss the requirements for deploying such an infrastructure and describe its architecture and design in terms of its basic building blocks and major components. We also describe a few applications of the IDF architecture and present a small experimental prototype that we are currently extending as part of our vision to implement the full IDF infrastructure.
