Abstract
Two central problems of collaborative intrusion detection are the aggregation and the correlation of intrusion events. The enormous amount of data generated by detection probes requires significant network and computational capacity to be processed. In this article we show that an approach based on a distributed hash table can reduce both the network and the computational load of intrusion detection, while providing nearly the same detection accuracy as centralized solutions. The efficiency of data storage can be further improved by selecting Kademlia as the underlying overlay network topology, since its routing adapts easily to the dynamic properties of such an application.
Keywords
- peer-to-peer
- intrusion detection system
- collaborative intrusion detection
- attack correlation
- attack aggregation
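The following is an added illustration of the scheme the abstract describes; it is not code from the paper or its authors. It assumes that every detection probe is also a node of a Kademlia-style overlay, that k-buckets hold a single contact each (k = 1, enough to show the XOR-metric lookup converging), and that alerts are aggregated on the attacker's source address, so that hash(source address) is the DHT key under which they are stored. Probe names, node ids, addresses and alert signatures are all constructed sample data.

```python
"""Toy model of DHT-based alert aggregation over a Kademlia-style overlay.

Added example, not the paper's implementation. Each probe forwards an alert,
keyed by the hash of its source address, to the overlay node responsible for
that key. Alerts about the same attacker therefore meet at one node, which
correlates them locally; no central collector has to receive every event.
"""
import hashlib
from collections import defaultdict

KEY_BITS = 160  # SHA-1 keyspace, as in the original Kademlia design


def key_of(value: str) -> int:
    """Map a string (node name or alert attribute) into the 160-bit id space."""
    return int.from_bytes(hashlib.sha1(value.encode()).digest(), "big")


def xor_distance(a: int, b: int) -> int:
    """Kademlia's distance metric: XOR of the two ids, compared as integers."""
    return a ^ b


def build_buckets(node_ids):
    """One contact per k-bucket (k = 1 here): for every node, keep one other node
    for each possible position of the highest differing bit, i.e. one per
    shared-prefix length. Built from the full node set for this simulation."""
    contacts = {}
    for n in node_ids:
        buckets = {}
        for m in node_ids:
            if m == n:
                continue
            bucket_index = xor_distance(n, m).bit_length()  # highest differing bit
            buckets.setdefault(bucket_index, m)
        contacts[n] = list(buckets.values())
    return contacts


def lookup(start: int, key: int, contacts):
    """Iterative lookup: hop to the known contact closest to key while that
    strictly reduces the XOR distance. Returns (responsible node, hop count).
    With one contact per bucket the greedy walk ends at the globally closest node."""
    cur, hops = start, 0
    while True:
        best = min(contacts[cur], key=lambda m: xor_distance(m, key))
        if xor_distance(best, key) >= xor_distance(cur, key):
            return cur, hops
        cur, hops = best, hops + 1


def closest_node(key: int, node_ids) -> int:
    """Ground truth for the lookup: the node with minimal XOR distance to key."""
    return min(node_ids, key=lambda n: xor_distance(n, key))


# Constructed sample: 8 probes forming the overlay, and the alerts they raised.
PROBES = [f"probe-{i}" for i in range(8)]
NODE_IDS = {p: key_of(p) for p in PROBES}
ALERTS = [
    # (reporting probe, attacker source address, signature) - constructed values
    ("probe-0", "198.51.100.7", "SCAN portsweep"),
    ("probe-3", "198.51.100.7", "SCAN portsweep"),
    ("probe-5", "198.51.100.7", "WEB-ATTACK directory traversal"),
    ("probe-1", "203.0.113.20", "SCAN portsweep"),
    ("probe-6", "203.0.113.20", "SHELLCODE x86 NOOP"),
    ("probe-2", "192.0.2.99", "SCAN portsweep"),
]


def aggregate(alerts, node_ids, contacts):
    """Route every alert from its probe to the node responsible for
    hash(source address) and store it there. Returns the per-node stores, the
    total number of overlay hops, and the alert count at the busiest node (a
    central collector would hold len(alerts))."""
    store = defaultdict(lambda: defaultdict(list))
    total_hops = 0
    for probe, src, sig in alerts:
        owner, hops = lookup(node_ids[probe], key_of(src), contacts)
        total_hops += hops
        store[owner][src].append((probe, sig))
    busiest = max(sum(len(v) for v in per_src.values()) for per_src in store.values())
    return store, total_hops, busiest


def correlated_sources(store, min_probes=2):
    """Correlation done locally at each responsible node: report attackers seen
    by at least min_probes distinct probes, with the probes that saw them."""
    result = {}
    for per_src in store.values():
        for src, entries in per_src.items():
            probes = {probe for probe, _ in entries}
            if len(probes) >= min_probes:
                result[src] = sorted(probes)
    return result


if __name__ == "__main__":
    ids = list(NODE_IDS.values())
    store, hops, busiest = aggregate(ALERTS, NODE_IDS, build_buckets(ids))
    print(f"{len(ALERTS)} alerts, {hops} overlay hops, busiest node holds {busiest}")
    print("correlated attackers:", correlated_sources(store))
```

Run stand-alone, the script reports how many alerts the busiest node holds against the total a central collector would have to keep, and lists the attackers that several probes reported independently. The key design point is that the aggregation key decides where correlation happens: keying on the source address makes cross-probe correlation a purely local operation at one node, while a different key (a signature id, a destination port) would gather a different slice of the alert stream at one place.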
© 2012 IFIP International Federation for Information Processing
About this paper
Cite this paper
Czirkos, Z., Hosszú, G. (2012). Enhancing Collaborative Intrusion Detection Methods Using a Kademlia Overlay Network. In: Szabó, R., Vidács, A. (eds) Information and Communication Technologies. EUNICE 2012. Lecture Notes in Computer Science, vol 7479. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32808-4_6
DOI: https://doi.org/10.1007/978-3-642-32808-4_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-32807-7
Online ISBN: 978-3-642-32808-4
eBook Packages: Computer Science (R0)
