LIU Tong,WANG Ze-bing,FENG Yan

DOI: https://doi.org/10.3969/j.issn.1007-130x.2005.08.004

2005-01-01

Abstract:As the distributed intrusion becomes serious, the performance demand for distributed intrusion detection systems will be more and more important. In this paper, the concept of the Super-Peer intrusion detection model (SPIDM) is proposed. Furthermore, the technology of intelligent agent is implemented in this model. As a result, this efficient combination of distributed intrusion detection systems with the super-peer framework increases the system efficiency and collaboration, enhances the system openness, and thus improves the system performance as a whole.

张宝军,潘雪增,王界兵,平玲娣

DOI: https://doi.org/10.3785/j.issn.1008-973X.2009.06.004

2009-01-01

Abstract:Real-time intrusion detection under current network environment exists the following problems: first, the scale of network is large, and a great deal of information needs to be processed, which requires large throughput to the intrusion detection system (IDS); second, the network environment is complex, and the data type is multiplex, accordantly, the intrusion detection system should has high accuracy. Aiming at these problems, a model of intrusion detection system was proposed. The model uses the distributed architecture based on multi-agent system and shows good expansibility, and can self-adjust according to the scale and bandwidth of network. The model uses technologies of anomaly intrusion detection and misuse intrusion detection together, and has low false alert rate and miss alert rate. Multi-attribute data abstraction is used in the model to grasp the feature of intrusion accurately and provide strong support for intrusion identification. The classifier is constructed with radial basis function (RBF) so as to have good extension to unknown intrusions, and can do effective judgment to unknown intrusions. Experimental results show that the system has large throughput and high accuracy, thus it is suitable for current network and has good practicability.

胡敏,潘雪增,平玲娣

DOI: https://doi.org/10.3969/j.issn.1001-3695.2004.01.033

2004-01-01

Abstract:This paper focuses on issures related to deploying a data mining-based IDS (Intrusion Detection System) in a real time environment To overcome the limitations of traditional IDS, the corresponding solutions to accurracy, efficiency and usability is presented.These solutions impove efficiency of traditional DOS and maintain a desired accuracy level. This paper also proposed an architecture consisting of sensors, detectors, a data warehouse and model generation components. This architecture facilitates the sharing and storage of audit data and the distribution of new or updated models. Also, it improves the efficiency and scalability of the traditional IDS.

WU Ji-yi,PING Ling-di,FAN Rong,Zhijie Lin

2008-01-01

Abstract:With the increasing demand of computer networks security,the distributed intrusion detection technology becomes an important research area.However,the traditional distributed intrusion detection systems have some shortcomings in certain aspects,such as distributivity,flexibility,interoperability,detecting efficiency,and insider threat avoidance etc.To deal with the insider threat more effectively,P2P overlay IDS based on an adaptive trust alert correlation was proposed.Under JXTA P2P framework,a P2P overlay IDS prototype system was implemented,and its effectiveness to prevent the spread of a real Internet worm was evaluated over an emulated network.The experiment results show the P2P overlay IDS significantly increases the overall survival rate of vulnerable peers in network.

Da-Wen Huang,Fengji Luo,Jichao Bi,Mingyang Sun

DOI: https://doi.org/10.1109/tifs.2022.3191491

IF: 7.231

2022-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Deploying Intrusion Detection Systems (IDSs) is an essential way to enhance the security of Multi-hop Clustered Wireless Sensor Networks (MCWSNs). The conventional IDS deployment architectural designs show limitations in ensuring the security of MCWSNs due to the limited monitoring range of the nodes. This paper proposes an efficient IDS deployment architecture for MCWSNs. The architecture is a hybrid design, in which the cluster heads and the sink collaboratively act as IDS agents to monitor the entire network and perform intrusion detection. Based on the new architecture, this paper proposes a resource allocation model to optimally allocate resources among the IDS agents so that the network’s security metric can be maximized. A comprehensive analytical framework is proposed to analyze the optimality of the model’s solution, and an efficient computational approach is developed to obtain the optimal resource allocation strategy. Extensive numerical simulation and comparison studies are conducted to validate the proposed method.

Jin Shu,Liu Fengyu,Xu Manwu

DOI: https://doi.org/10.3321/j.issn:1002-8331.2006.09.036

2006-01-01

Abstract:Playing an increasingly important role in security protection of many information systems in the Internet,the intrusion detection system(IDS) becomes a hotspot of research interests nowadays.Yet the performance issues of an IDS have not been paid enough attention.By employing the Peer-to-Peer(P2P) model,which is considered a promising approach to solve many problems in a distributed environment,we have presented in this paper a distributed network intrusion detection system named PeerIDS-an IDS solution values the properties of feasibility,durability and scalability most.Viewing the problem from a different perspective as against its counterparts,PeerIDS will provide the networked computation environment with robust and scalable protection while still stays efficient with the bursting of both types and traffic of malicious attacks through automatically and evenly distribute the intrusion detection Workload among all the cooperating PeerIDS instances.Compared with many other distributed intrusion detection approaches,no single point of failure can be found in a farm of synergized PeerIDS instances.Moreover,PeerIDS entails almost no additional administration work after the installation and first time setup.

YANG Bo,CHEN Shu-yu

DOI: https://doi.org/10.3969/j.issn.1000-7024.2007.15.014

2007-01-01

Abstract:The characteristics of distributed intrusion is illustrated by the thesis,the concept about P2P is introduced,including the growing applications,development status and differences between P2P and C/S.Each subsystem of IDS are connected by P2P in order to share in intrusion message.On the basis of the common intrusion detection framework architecture,a new distributed IDS model is put forward and their functional modules are designed,especially,communication module of IDS are introduced in detail.

DING Guo-liang,WANG Xi-wu,CHEN Kai-yan,WANG Jia-zhen

DOI: https://doi.org/10.3969/j.issn.1001-9383.2006.01.004

2006-01-01

Abstract:The problems of existing Intrusion detection system(IDS)is analyzed,a kind of distributed architecture of uniting the level and equal structures,is put forward,and the realizations of detection agent and communication protocol are given.The experiments proves this the system may carry out intrusion detection under distributed net- work environment.

Zhang Xiaosong,Chen Ting,Ma Yue,Li Hua

DOI: https://doi.org/10.1109/ICFIN.2009.5339561

2009-01-01

Abstract:This paper proposes a model of intrusion detection based on peer-to-peer (p2p) mechanism. The crux of our research is that quantitatively analyze the response rate of the global intrusion detection system (IDS). The principal approaches are modeling, deduction and numerical simulation. Theoretical proof and experiments demonstrate that our model is reliable and robust. Based on this model, we draw the following conclusions. First, this model is insensitive to network scale so it is adaptable to large-scale network. Second, response rate depends mostly on peer's degree. Third, our model does not care about how many peers are aware of intrusion in the beginning. In a word, with proper parameters our model can achieve an extremely rapid response rate.

蔡洪民,伍乃骐,陈素,陈沁群

DOI: https://doi.org/10.16208/j.issn1000-7024.2009.06.053

2009-01-01

Abstract:With the great development of computer network,the network security problem becomes more serious,the single IDS can not meet the needs of network security,so the DIDS comes forth.A distributed intrusion detection system is brought forward,the inverted connection technology of the rebound Trojan horse is applied to the communication between agents and server,the agents adopt multi-thread technology to capture the packets,and it can detect the Trojan horse by the incorporation of the system process and the port communication.The server can deploy the uniform tactics to the agents and it can monitor the agents in real time,and so the DIDS en-hances the network security.

Hongmin Cai,Naiqi Wu

DOI: https://doi.org/10.1109/WCINS.2010.5541796

2010-01-01

Abstract:With the fast development of computer network, the problem of network security becomes more and more serious. The single firewall can not solve the problem entirely and an intrusion detection system is helpful. This paper presents the design and development of a distributed intrusion detection system to protect the network security. Experiments shows that it works well.

KANG Song-lin,FAN Xiao-ping,FEI Hong-xiao,HU Ci-yuan,SUN Yong-xin

DOI: https://doi.org/10.3969/j.issn.1672-7207.2007.06.028

2007-01-01

Abstract:Combined network management system with intrusion detection system(IDS),the architecture of distributed intrusion detection system based on management agent was established.Good properties such as autonomy,cooperativity,communication mechanism among management agent were studied.Function structure of management agent was established and scheduling agent algorithm was also designed based on genetic algorithm.Management objects related to intrusion detection in management information base(MIB) were analyzed to form rules from different network levels.A distributed intrusion detection system with hierarchical structure and self-security was designed to monitor the running context of the system,and the rules were mined in intrusion detection from MIB according to the essence of network attack.The result shows that this method is efficient enough to meet the need of active detect complex intrusion.

Guangchun Luo

2007-01-01

Abstract:Intrusion detection is an important way of secure information. One of the key problems of intrusion detection is the validity and efficiency of detection algorithms. This paper products a distributed IDS model based on N-P principle and discusses how to implement it. By colligating each kind of local strategy, the simulation verifies that the validity of IDS can be improved, the rate of fake alarm can be lowered down at the same time, and the reliability of decision-making is promoted indeed.

刘科,韩宗芬,卢毅军,金海

DOI: https://doi.org/10.3321/j.issn:1671-4512.2001.11.017

2001-01-01

Abstract:Aiming at the new architecture of distributed computing and cluster server, this paper proposes Distributed Micro-intrusion System. It distributes M-IDS(Micro-Intrusion detection system) to every nodes of the protected sub-network. M-IDS can not only detect direct intrusion independently, but can also detect collaborative intrusion cooperated with central Processing node. In order to have self-adaptability while at the same time having the advantages of Misuse Detection, a misuse detection technique based on neural network is introduced.

Chenlin Huang,Hui Zhao,Huaping Hu

DOI: https://doi.org/10.3321/j.issn:1002-8331.2001.06.017

2001-01-01

Abstract:Intrusion Detection(ID)is an important aspect in network security technology. As to enterprises′ Intranet,the approaches of layered filtration,distributed processing,hierachical management,security communication and autonomous agent are adopted to our architecture to put forward a Hierachical Intrusion Detection System Based on Distributed Autonomous Agents,and the architecture and the detailed design of the IDS are presented. The IDS has the desirable characteristics of real-time detection,real-time response,in-time recovery,robustness and scalahility and so on.

Xiaoping Yang,Yu Dou

DOI: https://doi.org/10.1109/wcica.2004.1342340

2004-01-01

Abstract:To overcome some problems related to current Intrusion Detection System (IDS), such as high false negative and false positive rate, complex configuration, high cost and the inability to cooperate among components in the system, authors proposed a distributed IDS prototype. The system consists of control centers, proxies and sensors. In conjunction, authors also proposed a special communication protocol, CDIDSTP for the transparent communication between control centers and sensors via proxy. Combining carefully designed sensors and modulated IDS functions, an effective, highly auto-configurable IDS is implemented. In addition, the modulated IDS functions make the cooperation of same functional components within sensor possible.

An, Lei

DOI: https://doi.org/10.1007/s10586-024-04487-3

2024-05-12

Cluster Computing

Abstract:The commonly used method for network intrusion is based on pattern matching systems, but these systems do not have high detection accuracy when facing large-scale high-speed network traffic environments. In addition, when facing a wide variety of network attacks, relying solely on a certain network security technology is difficult to ensure network security. Therefore, a distributed network intrusion prevention system based on the Spark framework and dynamic information security theory model was innovatively proposed to improve the detection efficiency of network intrusion and solve these issues. The architecture and functional structure of the network intrusion prevention system were constructed by improving the random forest algorithm and Spark. In addition, the dynamic network intrusion prevention system was designed on the basis of the Policy Protection Detection Response (P2DR) model and the Protection Detection Reaction Recovery (PDRR) model to cope with the diverse network attacks and make up for the lack of dynamic defense based on improved forest algorithm and Spark. The test results showed that the network intrusion prevention system based on the improved random forest algorithm and Spark had a maximum detection time of 13,593 ms, a minimum detection time of 13,318 ms, and an average detection time of 13,468 ms when the data were 6000 pieces. The average success rate of the dynamic network intrusion prevention system based on the dynamic information security theory model was 87.72%, the average detection rate was 71.68%, and the average false alarm rate was 17.23%. The F1 values corresponding to the improved random forest algorithm under 7 different attack types of data were 0.985, 0.983, 0.876, 0.843, 0.797, 0.983, and 0.890, respectively, which were significantly better than the comparison algorithm. It can be seen that the dynamic network intrusion prevention system based on the improved random forest algorithm, Spark, and the dynamic information security theoretical model, has good performance and can effectively detect network intrusions, providing technical support for solving network intrusion problems in reality. The contribution of the research is reflected in the improvement of the detection performance of network intrusion detection systems and the reduction of detection time and false alarm rates.

computer science, information systems, theory & methods

段海新,吴建平

DOI: https://doi.org/10.13328/j.cnki.jos.2001.09.015

2001-01-01

Ruan Jian Xue Bao/Journal of Software

Abstract:An integrative taxonomy for intrusion detection technologies is proposed, which can specify accurately existing intrusion detection methods. Aiming at multiple-domain environments, a distributed cooperative intrusion detection system (DCIDS) is designed, which implements cooperative intrusion detection through efficient, secure information exchange among IDSes in different domain. The architecture of intrusion detection systems is described, as well as its four components: sensor, analyzer, manager and user-interface. Some key issues are also discussed, including secure communication and selection of detection places.

Jun Gao,Weiming Hu,Xiaoqin Zhang,Xi Li

DOI: https://doi.org/10.1109/wi-iat.2009.113

2009-01-01

Web Intelligence

Abstract:Due to the increasing demands for network security, distributed intrusion detection has become a hot research topic in computer science. However, the design and maintenance of the intrusion detection system (IDS) is still a challenging task due to its dynamic, scalability, and privacy properties. In this paper, we propose a distributed IDS framework which consists of the individual and global models. Specifically, the individual model for the local unit derives from Gaussian Mixture Model based on online Adaboost algorithm, while the global model is constructed through the PSO-SVM fusion algorithm. Experimental results demonstrate that our approach can achieve a good detection performance while being trained online and consuming little traffic to communicate between local units.

石云,陈蜀宇

DOI: https://doi.org/10.3969/j.issn.1671-055x.2008.06.007

2008-01-01

Abstract:With the rapid development of information technology and Internet, the security problem of computer network and information system have become more and more serious. Most conventional security techniques are static mechanism and are limited to Protection phase, which can't satisfy the increasing demand for network security. As a primary technique in detection part of P2DR model, Intrusion Detection System (IDS) can efficiently recognize and respond to the actions of the network and the hosts actively. Thus it can detect intrusion and misuse to provide a sufficient protection to network security. This thesis proposes a Mixed Intrusion Detection System (MIDS). MIDS combines data from the network and the key hosts as its source, constructing MIDS with dynamic extensible modules.