A trust aware peer-to-peer based overlay architecture for intrusion detection
(English) Manuscript (preprint) (Other academic)
Traditional intrusion detection systems (IDS) are centralized and focused on protecting well-bounded network regions. In contrast, current Internet attacks are highly distributed, spanning very large and dispersed regions of the Internet. This renders the deployed intrusion detection approaches inferior and limited in comparison to the attackers' capabilities. In this paper we propose a novel trust-aware peer-to-peer (P2P) based Overlay IDS architecture which is able to coordinate and concert the detection capabilities of individual and formerly isolated IDSs, thereby increasing the overall effectiveness against current Internet attacks. The Overlay IDS is fully decentralized, thus avoiding the single point of failure problem characteristic of many other distributed IDS solutions. Moreover, we design an adaptive trust management mechanism which makes the Overlay IDS resilient to possible malicious peers infiltrating the overlay network. We have implemented our proposed Overlay IDS using the JXTA P2P framework and we have evaluated its effectiveness for preventing the spread of a real Internet worm over an emulated network. As indicated by the evaluation results, the use of our Overlay IDS significantly increases the overall survival rate of the network.
Engineering and Technology
Identifiers: URN: urn:nbn:se:liu:diva-86193; OAI: oai:DiVA.org:liu-86193; DiVA: diva2:575550