
Distributed Intrusion Detection System Using IDMEF


Volume: 1 Issue: 1
Year of Publication: 2015
Authors: Manish Kumar, Dr. M. Hanumanthappa



Abstract

Intrusion is defined as a set of actions that attempt to compromise the integrity, confidentiality or availability of information resources. An intrusion detection system (IDS) monitors network traffic or system logs for suspicious activity and alerts the system or network administrator. Current intrusion detection systems have a number of problems that limit their configurability, scalability and efficiency. Several distributed architectures based on multiple independent agents working collectively for intrusion detection have been proposed. A Distributed IDS (DIDS) consists of several IDS deployed over a large network or networks, all of which communicate with each other or with a central server that facilitates advanced monitoring. In a distributed environment, a DIDS is implemented using cooperative intelligent agents distributed across the network(s). On the basis of an analysis of existing agent-based intrusion detection systems, this paper proposes an architecture for a distributed intrusion detection system in which comprehensive data analysis is executed in a centralized computing environment. The proposed architecture is able to handle efficiently the large volumes of collected data and the consequent high processing load. Experiments showed that the system could complete intrusion detection tasks by making full use of the various resources collaboratively, improving both the detection speed and the accuracy of the system.
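The abstract describes agents that detect locally and a central environment that analyses the pooled data, and the title names IDMEF as the exchange format between them. The following is an added example, not code from the paper or its authors, of that exchange in Python: a sensor agent serialises a detection as an RFC 4765 IDMEF-Message, and a central collector parses alerts from several agents and correlates them across sensors. The analyzer IDs, addresses and detections are constructed sample data, and the function and class names are assumptions made for illustration.

```python
"""Sensor agent and central collector exchanging IDMEF (RFC 4765) alerts.

Added example, not code from the paper or its authors. Agent identifiers,
addresses and detections are constructed sample data; function and class
names are assumptions.
"""
import datetime as dt
import uuid
import xml.etree.ElementTree as ET
from collections import defaultdict

IDMEF_NS = "http://iana.org/idmef"  # namespace given in RFC 4765
NS = {"idmef": IDMEF_NS}
ET.register_namespace("idmef", IDMEF_NS)
MAX_ALERT_BYTES = 64 * 1024         # assumed cap on one message from an untrusted agent


def _q(tag):
    """Clark-notation name for an element in the IDMEF namespace."""
    return "{%s}%s" % (IDMEF_NS, tag)


def _ntpstamp(when):
    """CreateTime/@ntpstamp: seconds since 1900-01-01 plus a 32-bit fraction, in hex."""
    ntp = when.timestamp() + 2208988800  # offset between the NTP and Unix epochs
    secs = int(ntp)
    frac = int((ntp - secs) * (1 << 32))
    return "0x%08x.0x%08x" % (secs, frac)


def _add_node(parent, ip):
    """Node/Address/address subtree used by both Source and Target."""
    node = ET.SubElement(parent, _q("Node"))
    addr = ET.SubElement(node, _q("Address"), category="ipv4-addr")
    ET.SubElement(addr, _q("address")).text = ip


def build_idmef_alert(analyzer_id, src_ip, dst_ip, dst_port, classification, when):
    """Agent side: wrap one local detection in an IDMEF-Message, returned as bytes."""
    msg = ET.Element(_q("IDMEF-Message"), version="1.0")
    alert = ET.SubElement(msg, _q("Alert"), messageid=str(uuid.uuid4()))
    ET.SubElement(alert, _q("Analyzer"), analyzerid=analyzer_id)
    created = ET.SubElement(alert, _q("CreateTime"), ntpstamp=_ntpstamp(when))
    created.text = when.isoformat()
    _add_node(ET.SubElement(alert, _q("Source")), src_ip)
    target = ET.SubElement(alert, _q("Target"))
    _add_node(target, dst_ip)
    ET.SubElement(ET.SubElement(target, _q("Service")), _q("port")).text = str(dst_port)
    ET.SubElement(alert, _q("Classification"), text=classification)
    return ET.tostring(msg, encoding="utf-8", xml_declaration=True)


def _text(el, path):
    found = el.find(path, NS)
    return None if found is None else found.text


def parse_idmef_alert(data):
    """Collector side: extract the fields the correlator needs from one message.

    Agent input is untrusted: the size is capped here, and a production collector
    should parse with defusedxml (third-party) to rule out entity-expansion attacks.
    """
    if len(data) > MAX_ALERT_BYTES:
        raise ValueError("IDMEF message exceeds size cap")
    root = ET.fromstring(data)
    if root.tag != _q("IDMEF-Message"):
        raise ValueError("not an IDMEF-Message")
    alert = root.find("idmef:Alert", NS)
    if alert is None:
        raise ValueError("no Alert element (Heartbeat messages are not correlated)")
    analyzer = alert.find("idmef:Analyzer", NS)
    classification = alert.find("idmef:Classification", NS)
    if analyzer is None or classification is None:
        raise ValueError("Alert lacks mandatory Analyzer or Classification")
    return {
        "analyzer": analyzer.get("analyzerid"),
        "source": _text(alert, "idmef:Source/idmef:Node/idmef:Address/idmef:address"),
        "target": _text(alert, "idmef:Target/idmef:Node/idmef:Address/idmef:address"),
        "port": _text(alert, "idmef:Target/idmef:Service/idmef:port"),
        "classification": classification.get("text"),
    }


class CentralCollector:
    """Centralised analysis over alerts pooled from many agents."""

    def __init__(self):
        self.by_source = defaultdict(dict)  # src_ip -> {analyzerid: parsed alert}

    def ingest(self, data):
        alert = parse_idmef_alert(data)
        self.by_source[alert["source"]][alert["analyzer"]] = alert
        return alert

    def distributed_sources(self, min_sensors=2):
        """Sources reported by at least `min_sensors` distinct analyzers."""
        return sorted(ip for ip, seen in self.by_source.items() if len(seen) >= min_sensors)


def run_demo():
    """Constructed sample: three agents on different segments each see one SSH
    brute-force attempt from 203.0.113.7 (a documentation address); one agent
    also reports an unrelated web scanner."""
    when = dt.datetime(2015, 1, 1, 12, 0, 0, tzinfo=dt.timezone.utc)
    events = [
        ("agent-dmz", "203.0.113.7", "192.0.2.10", 22, "SSH brute force"),
        ("agent-lan", "203.0.113.7", "192.0.2.20", 22, "SSH brute force"),
        ("agent-lab", "203.0.113.7", "192.0.2.30", 22, "SSH brute force"),
        ("agent-lan", "198.51.100.5", "192.0.2.20", 80, "Web scanner user-agent"),
    ]
    collector = CentralCollector()
    for analyzer_id, src, dst, port, label in events:
        collector.ingest(build_idmef_alert(analyzer_id, src, dst, port, label, when))
    return collector


if __name__ == "__main__":
    print("sources seen by two or more sensors:", run_demo().distributed_sources())
```

The correlation in `distributed_sources` is what the centralised design buys: each agent sees a single burst of failed logins against its own segment, and only the collector can tell that 203.0.113.7 is working through three segments. The agent-to-collector channel is not covered here; a collector that accepts unauthenticated alerts can be fed forged or flooded messages, so in deployment the transport needs mutual authentication and integrity protection (RFC 4767 defines IDXP for carrying IDMEF), and the parser should treat every message as hostile input.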

Keywords

Intrusion Detection System (IDS), Distributed Intrusion Detection System (DIDS), Intrusion Detection Message Exchange Format (IDMEF).




© 2025 International Journal of Advanced Trends in Computer Applications
Foundation of Computer Applications (FCA), All right reserved.