The Architecture of the Large-scale Distributed Intrusion Detection System

High-speed, large-scale networks present new challenges to an intrusion detection system (IDS). These challenges include the volume of data that must be analyzed and the high-speed data stream that the IDS must handle. To meet these new demands, this paper proposes a novel architecture for Large-scale Distributed Intrusion Detection Systems (LDIDS) that can be applied to large-scale networks. The architecture is hierarchical: it consists of a root node, several branch nodes and leaf nodes. Each node is an independent IDS, and together the IDSs constitute the whole LDIDS. The main advantages of this architecture are scalability and collaboration. We describe the framework of the nodes in detail, and we also present an implementation of LDIDS designed according to the architecture.
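The following is an added illustration of the hierarchical node arrangement the abstract describes; it is not code from the paper or its LDIDS implementation. Leaf nodes run their own detection, branch nodes collect the alerts of their leaves, and the root receives what the branches pass up. The leaf-level signature table, the branch-level rule that an alert is escalated only once two distinct sensors have reported the same source and signature, and the sample events are all assumptions made for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample traffic: (sensor, source address, request line).
SAMPLE_EVENTS = [
    ("leaf-a", "10.0.0.5", "GET /admin HTTP/1.1"),
    ("leaf-a", "10.0.0.5", "GET /../../etc/passwd HTTP/1.1"),
    ("leaf-b", "10.0.0.5", "GET /../../etc/passwd HTTP/1.1"),
    ("leaf-c", "10.0.0.9", "GET /index.html HTTP/1.1"),
]

# Assumed leaf-level signature table (illustrative, not from the paper).
SIGNATURES: Dict[str, str] = {"path-traversal": "../"}


@dataclass(frozen=True)
class Alert:
    sensor: str      # node that raised the alert
    src: str         # offending source address
    signature: str   # matched rule name


class Node:
    """A node in the hierarchy; every node is an independent IDS."""

    def __init__(self, name: str, parent: Optional["Node"] = None) -> None:
        self.name = name
        self.parent = parent
        self.children: List["Node"] = []
        self.alerts: List[Alert] = []   # every alert this node has seen
        if parent is not None:
            parent.children.append(self)

    def receive(self, alert: Alert) -> None:
        """Default behaviour: record the alert and pass it upward unchanged."""
        self.alerts.append(alert)
        if self.parent is not None:
            self.parent.receive(alert)


class LeafNode(Node):
    """Leaf: inspects raw events against local signatures."""

    def inspect(self, src: str, payload: str) -> Optional[Alert]:
        for sig, pattern in SIGNATURES.items():
            if pattern in payload:
                alert = Alert(self.name, src, sig)
                self.alerts.append(alert)
                if self.parent is not None:
                    self.parent.receive(alert)
                return alert
        return None


class BranchNode(Node):
    """Branch: correlates leaf alerts and escalates only confirmed activity."""

    def __init__(self, name: str, parent: Optional[Node] = None,
                 threshold: int = 2) -> None:
        super().__init__(name, parent)
        self.threshold = threshold
        # (src, signature) -> set of sensors that reported it
        self.seen: Dict[Tuple[str, str], Set[str]] = defaultdict(set)

    def receive(self, alert: Alert) -> None:
        self.alerts.append(alert)
        key = (alert.src, alert.signature)
        self.seen[key].add(alert.sensor)
        # Escalate exactly once, when the threshold of distinct sensors is met.
        if len(self.seen[key]) == self.threshold and self.parent is not None:
            self.parent.receive(
                Alert(self.name, alert.src, f"correlated:{alert.signature}"))


class RootNode(Node):
    """Root: terminal collector for correlated alerts from the branches."""

    def receive(self, alert: Alert) -> None:
        self.alerts.append(alert)


def build_and_run(events):
    """Build a root / two branches / three leaves tree and feed it events."""
    root = RootNode("root")
    branch1 = BranchNode("branch-1", root)
    branch2 = BranchNode("branch-2", root)
    leaves = {
        "leaf-a": LeafNode("leaf-a", branch1),
        "leaf-b": LeafNode("leaf-b", branch1),
        "leaf-c": LeafNode("leaf-c", branch2),
    }
    for sensor, src, payload in events:
        leaves[sensor].inspect(src, payload)
    return root, branch1, branch2, leaves


if __name__ == "__main__":
    root, b1, b2, leaves = build_and_run(SAMPLE_EVENTS)
    for a in root.alerts:
        print(f"root received {a.signature} for {a.src} via {a.sensor}")
```

With the sample events, the two leaves under branch-1 each raise a local path-traversal alert for the same source; branch-1 sees both, reaches its threshold and forwards a single correlated alert to the root, while branch-2 forwards nothing. The point of the split is the one the abstract makes: each node decides independently, and the root only carries what the branches have already reduced.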
