Indra: A Distributed Approach to Network Intrusion Detection and Prevention

While advances in computer and communications technology have made the network ubiquitous, they have also rendered networked systems vulnerable to malicious attacks orchestrated from a distance. These attacks, usually called cracker attacks or intrusions, start with crackers infiltrating a network through a vulnerable host and then going on to launch further attacks. Crackers depend on increasingly sophisticated techniques, such as using distributed attack sources. On the other hand, the software that guards against them remains rooted in traditional centralized techniques, presenting an easily targetable single point of failure. Scalable, distributed network intrusion prevention software is sorely needed. We propose Indra, a distributed scheme that depends on sharing information between trusted peers in a network to guard the network as a whole against intrusion attempts. We further describe a plugin mechanism that enables an administrator to simultaneously plug weaknesses in thousands of machines with a single e-mail. ...
