Agent-Based Distributed Intrusion Alert System

Authors: Sandip Sen, Arjita Ghosh
Year of publication: 2004
Subject:
Source: Distributed Computing-IWDC 2004 ISBN: 9783540240761
IWDC
DOI: 10.1007/978-3-540-30536-1_28
Description: Intrusion detection for computer systems is a key problem in today’s networked society. Current distributed intrusion detection systems (IDSs) are not fully distributed as most of them centrally analyze data collected from distributed nodes resulting in a single point of failure. Increasingly, researchers are focusing on distributed IDSs to circumvent the problems of centralized approaches. A major concern of fully distributed IDSs is the high false positive rates of intrusion alarms which undermine the usability of such systems. We believe that effective distributed IDSs can be designed based on principles of coordinated multiagent systems. We propose an Agent-Based Distributed Intrusion Alert System (ABDIAS) which is fully distributed and provides two capabilities in addition to other functionalities of an IDS: (a) early warning when pre-attack activities are detected, (b) detecting and isolating compromised nodes by trust mechanisms and voting-based peer-level protocols.
Database: OpenAIRE