Distributed Intrusion Detection Systems – MetaIDS case study

The “Defence in depth” strategy for securing computer systems claims that technologies used to protect a network should fulfill the “Protect, Detect and React” paradigm. “This means that in addition to incorporating protection mechanisms, organizations need to expect attacks and include attack detection tools” [1]. This paper presents MetaIDS, the Intrusion Detection System developed at the Poznan Supercomputing and Networking Center. It detects both attack attempts and successful attacks on the system. The paper highlights typical problems with intrusion detection, the operating principle of MetaIDS, and a real attack example seen from the perspective of MetaIDS.