LIU Tong,WANG Ze-bing,FENG Yan

DOI: https://doi.org/10.3969/j.issn.1007-130x.2005.08.004

2005-01-01

Abstract:As the distributed intrusion becomes serious, the performance demand for distributed intrusion detection systems will be more and more important. In this paper, the concept of the Super-Peer intrusion detection model (SPIDM) is proposed. Furthermore, the technology of intelligent agent is implemented in this model. As a result, this efficient combination of distributed intrusion detection systems with the super-peer framework increases the system efficiency and collaboration, enhances the system openness, and thus improves the system performance as a whole.

Chen Guanlin,Feng Yan,Wang Zebing

DOI: https://doi.org/10.3969/j.issn.1000-0801.2010.10.014

2010-01-01

Abstract:Nowadays wireless intrusion prevention systems have become the research hotspot with the fast development of WLAN.In this paper,we first introduce the common attack methods for WLAN,and then present the framework of the wireless IPS with a distributed pre-decision engine,which can predict the future actions and direct active responses to these actions.We implement an improved model with extended detection rules for conducting intrusion plan and making pre-decision,by gathering wireless device information and importing supporting degree of intrusion plan in plan recognition.Experimental results showed that the distributed pre-decision engine can not only improve wireless intrusion detection and prevention performance,also reduce false negatives and false positives evidently.

WU Ji-yi,PING Ling-di,FAN Rong,Zhijie Lin

2008-01-01

Abstract:With the increasing demand of computer networks security,the distributed intrusion detection technology becomes an important research area.However,the traditional distributed intrusion detection systems have some shortcomings in certain aspects,such as distributivity,flexibility,interoperability,detecting efficiency,and insider threat avoidance etc.To deal with the insider threat more effectively,P2P overlay IDS based on an adaptive trust alert correlation was proposed.Under JXTA P2P framework,a P2P overlay IDS prototype system was implemented,and its effectiveness to prevent the spread of a real Internet worm was evaluated over an emulated network.The experiment results show the P2P overlay IDS significantly increases the overall survival rate of vulnerable peers in network.

Da-Wen Huang,Fengji Luo,Jichao Bi,Mingyang Sun

DOI: https://doi.org/10.1109/tifs.2022.3191491

IF: 7.231

2022-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Deploying Intrusion Detection Systems (IDSs) is an essential way to enhance the security of Multi-hop Clustered Wireless Sensor Networks (MCWSNs). The conventional IDS deployment architectural designs show limitations in ensuring the security of MCWSNs due to the limited monitoring range of the nodes. This paper proposes an efficient IDS deployment architecture for MCWSNs. The architecture is a hybrid design, in which the cluster heads and the sink collaboratively act as IDS agents to monitor the entire network and perform intrusion detection. Based on the new architecture, this paper proposes a resource allocation model to optimally allocate resources among the IDS agents so that the network’s security metric can be maximized. A comprehensive analytical framework is proposed to analyze the optimality of the model’s solution, and an efficient computational approach is developed to obtain the optimal resource allocation strategy. Extensive numerical simulation and comparison studies are conducted to validate the proposed method.

Zhang Yunpeng,Hu Fei,Ma Chunyan,Lu Wei,Li Mei

DOI: https://doi.org/10.3321/j.issn:1002-8331.2005.35.045

2005-01-01

Abstract:This paper establishes and accomplishes the intrusion detection system,SC-IDS.It combines the knowledge-based IDS and anomaly-based IDS into a system,it accords with P2DR model and the distributed framework.It surmounts the shortcoming of traditional ways of detection,for example,high false positive and false negative rate;can't adapt large-scale network;can't cooperate with other security product etc.It gains a good effect after operation.

Zhang Xiaosong,Chen Ting,Ma Yue,Li Hua

DOI: https://doi.org/10.1109/ICFIN.2009.5339561

2009-01-01

Abstract:This paper proposes a model of intrusion detection based on peer-to-peer (p2p) mechanism. The crux of our research is that quantitatively analyze the response rate of the global intrusion detection system (IDS). The principal approaches are modeling, deduction and numerical simulation. Theoretical proof and experiments demonstrate that our model is reliable and robust. Based on this model, we draw the following conclusions. First, this model is insensitive to network scale so it is adaptable to large-scale network. Second, response rate depends mostly on peer's degree. Third, our model does not care about how many peers are aware of intrusion in the beginning. In a word, with proper parameters our model can achieve an extremely rapid response rate.

张宝军,潘雪增,王界兵,平玲娣

DOI: https://doi.org/10.3785/j.issn.1008-973X.2009.06.004

2009-01-01

Abstract:Real-time intrusion detection under current network environment exists the following problems: first, the scale of network is large, and a great deal of information needs to be processed, which requires large throughput to the intrusion detection system (IDS); second, the network environment is complex, and the data type is multiplex, accordantly, the intrusion detection system should has high accuracy. Aiming at these problems, a model of intrusion detection system was proposed. The model uses the distributed architecture based on multi-agent system and shows good expansibility, and can self-adjust according to the scale and bandwidth of network. The model uses technologies of anomaly intrusion detection and misuse intrusion detection together, and has low false alert rate and miss alert rate. Multi-attribute data abstraction is used in the model to grasp the feature of intrusion accurately and provide strong support for intrusion identification. The classifier is constructed with radial basis function (RBF) so as to have good extension to unknown intrusions, and can do effective judgment to unknown intrusions. Experimental results show that the system has large throughput and high accuracy, thus it is suitable for current network and has good practicability.

Kun Xiao,Ji Zheng,Xin Wang,Xiangyang Xue

DOI: https://doi.org/10.1109/pdcat.2005.34

2005-01-01

Abstract:MANETs are composed of mobile nodes without any infrastructure and nodes cooperate to set up routes for network communications. Because of these characters, MANETs operate in open medium, so they are particularly vulnerable to intrusions. In this paper, we present an efficient intrusion detection system called MAPIDS (Mobile Agent-based Peer-to-peer Intrusion Detection System). On detecting a suspicious activity, MAPIDS initiates a voting approach to make a collective decision and take further action. In contrast to other intrusion detection system based on collective decision, MAPIDS saves more bandwidth and energy and it is immune to sparse nodes problem.

Xiao-ning KANG,Dong-xing JIANG,Cheng ZHANG,Qi-xin LIU,Lin ZHOU,Hai-yan WU

DOI: https://doi.org/10.3969/j.issn.1000-1220.2005.11.014

2005-01-01

Abstract:Network security is getting more important as the Internet evolves.Attacks like DoS,DDoS have become major attack methods on gigabit networks,not to mention the worms have used up network bandwidth.Traditional IDSes could not handle massive network data efficiently or block detected attacks in time.Focusing on those problems,this paper designed a distributed intrusion detection and blocking system which can run on high-speed networks efficiently,which is also known as IPS(Intrusion Prevention System).

Zhenyu Shi,Shibo He,Jingchen Sun,Tao Chen,Jiming Chen,Hairong Dong

DOI: https://doi.org/10.1109/tiv.2022.3166911

IF: 8.2

2023-01-01

IEEE Transactions on Intelligent Vehicles

Abstract:In the growth of intelligent surveillance and computer vision, pedestrian intrusion detection (PID) has been widely applied in security, automatic driving and many other fields. Vision-based PID aims at detecting whether pedestrians invade an area-of-interest (AoI). For dynamic PID task, we need to identify the invading individuals from a large amount of pedestrian objects in a varying AoI scene, which is very challenging. We take the first attempt to solve this issue and propose a network named PIDNet to address it. In the PIDNet, we design an efficient dual-branch network, which combines region segmentation and pedestrian object detection. The final intrusion judgement is made by analyzing the position relation between a segmented AoI and a detected pedestrian. With the lightweight network design, PIDNet can detect pedestrian objects and segment AoI simultaneously, and make intrusion judgment efficiently. In order to achieve better intrusion detection performance, we further propose a netowrk with a cross-association strategy (cross-PIDNet) to improve the feature extraction capability of dual-branch network. In this strategy, we build the connection between detection branch and segmentation branch, avoiding the redundancy of non-critical intrusion features and enhancing the expression of critical intrusion features. Meanwhile, we design a multi-scale intrusion judgment module, which makes the judgment of intrusion state more robust. Since neither public datasets nor a benchmark is available in this direction, we set up a benchmark dataset and corresponding evaluation metrics. Experimental results indicate that our cross-PIDNet can reach 74.7% $PID\_{A}cc$ and 50.8% $PID\_{A}P$ .

Jun Gao,Weiming Hu,Xiaoqin Zhang,Xi Li

DOI: https://doi.org/10.1109/wi-iat.2009.113

2009-01-01

Web Intelligence

Abstract:Due to the increasing demands for network security, distributed intrusion detection has become a hot research topic in computer science. However, the design and maintenance of the intrusion detection system (IDS) is still a challenging task due to its dynamic, scalability, and privacy properties. In this paper, we propose a distributed IDS framework which consists of the individual and global models. Specifically, the individual model for the local unit derives from Gaussian Mixture Model based on online Adaboost algorithm, while the global model is constructed through the PSO-SVM fusion algorithm. Experimental results demonstrate that our approach can achieve a good detection performance while being trained online and consuming little traffic to communicate between local units.

CHEN Bo,LUO Guang-Chun,LU Xian-Liang

DOI: https://doi.org/10.3969/j.issn.1002-137X.2006.04.028

2006-01-01

Computer Science

Abstract:When traditional Intrusion Detection System (IDS) is used to detect and analyze in WAN,it usually causes the computation bottleneck.This paper presents a new Mobile Agent Distributed IDS (MADIDS) system based on the mobile agents.This system is specifically designed for WAN.In MADIDS,the agents that are set at each node process the data transfer by distributed computation architecture.It has the ability of intrusion detection within the entire net- work and has good portability.The consumption of the network and servers' resources is not high,which means the possibility of network bottleneck is decreased.In this paper,we construct the infrastructure and theoretical model of MADIDS,and the deficiencies of MADIDS and future research work are also indicated.

R Janakiraman,M Waldvogel,Q Zhang

DOI: https://doi.org/10.1109/enabl.2003.1231412

2003-01-01

Abstract:While the spread of the Internet has made the network ubiquitous, it has also rendered networked systems vulnerable to malicious attacks orchestrated from anywhere. These attacks or intrusions typically start with attackers infiltrating a network through a vulnerable host and then launching further attacks on the local network or Intranet. Attackers rely on increasingly sophisticated techniques like using distributed attack sources and obfuscating their network addresses. On the other hand, software that guards against them remains rooted in traditional centralized techniques, presenting an easily-targeted single point of failure. Scalable, distributed network intrusion prevention techniques are sorely needed.We propose Indra-a distributed scheme based on sharing information between trusted peers in a network to guard the network as a whole against intrusion attempts. We present initial ideas for running Indra over a peer-to-peer infrastructure to distribute up-to-date rumors, facts, and trust information in a scalable manner.

Chen Min

2002-01-01

Abstract:In recent years, intrusion detection systems, being the important part of the information security system, have gained extensive attentions. Many different intrusion detection technologies come into being. This paper presents an architecture of Intrusion Detection Systems (IDS) based on autonomous agents. The distributed architecture paves the way in that IDSes can avoid the single point failure of the distributed systems, balance the system load and improve the efficiency, to meet the requirements of modern computer and network technologies.

Jiabin Li,Zhi Xue

DOI: https://doi.org/10.1109/cais.2019.8769511

2019-01-01

Abstract:Botnet has been evolving over time since its birth. Nowadays, P2P (Peer-to-Peer) botnet has become a main threat to cyberspace security, owing to its strong concealment and easy expansibility. In order to effectively detect P2P botnet, researchers often focus on the analysis of network traffic. For the sake of enriching P2P botnet detection methods, the author puts forward a new sight of applying distributed threat intelligence sharing system to P2P botnet detection. This system aims to fight against distributed botnet by using distributed methods itself, and then to detect botnet in real time. To fulfill the goal of botnet detection, there are 3 important parts: the threat intelligence sharing and evaluating system, the BAV quantitative TI model, and the AHP and HMM based analysis algorithm. Theoretically, this method should work on different types of distributed cyber threat besides P2P botnet.

K Xiao,J Zheng,X Wang,XY Xue

2005-01-01

Abstract:MANET: are composed of mobile nodes without any infrosiructure and nodes cooperate to set up routes for network communications. Because of these characters, MANETs operate in open medium, so they are particularly vulnerable to intrusions. In this paper, we present an efficient intrusion detection system called MAPIDS (Mobile Agent-based Peer-to-peer Intrusion Detection System). On detecting a suspicious activity, MAPIDS initiates a voting approach to make a collective decision and take further action. In contrast to other intrusion detection system based on collective decision, MAPIDS saves more bandwidth and energy and it is immune to sparse nodes problem.

蔡洪民,伍乃骐,陈素,陈沁群

DOI: https://doi.org/10.16208/j.issn1000-7024.2009.06.053

2009-01-01

Abstract:With the great development of computer network,the network security problem becomes more serious,the single IDS can not meet the needs of network security,so the DIDS comes forth.A distributed intrusion detection system is brought forward,the inverted connection technology of the rebound Trojan horse is applied to the communication between agents and server,the agents adopt multi-thread technology to capture the packets,and it can detect the Trojan horse by the incorporation of the system process and the port communication.The server can deploy the uniform tactics to the agents and it can monitor the agents in real time,and so the DIDS en-hances the network security.

Guangchun Luo

2007-01-01

Abstract:Intrusion detection is an important way of secure information. One of the key problems of intrusion detection is the validity and efficiency of detection algorithms. This paper products a distributed IDS model based on N-P principle and discusses how to implement it. By colligating each kind of local strategy, the simulation verifies that the validity of IDS can be improved, the rate of fake alarm can be lowered down at the same time, and the reliability of decision-making is promoted indeed.

CHEN Jia,SI Tiange,DAI Yiqi

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.13.058

2006-01-01

Abstract:Intrusion detection technology is an indispensable way to keep the network safety. This paper proposes an intrusion detection system (IDS) framework based on network processor and detecting cluster. The possibility of functioning the distributor by IXP1200 and the key algorithms of the distributor are discussed. The result shows that the distributor can achieve a more than 1000Mbps data-capturing ability, and the load balance policy based on CAM is a satisfying trade-off on protecting the information integrity and reducing the computing complexity.

杨武,方滨兴,云晓春,张宏莉,胡铭曾

DOI: https://doi.org/10.3969/j.issn.1007-5321.2004.04.017

2004-01-01

Abstract:The performance bottleneck of the traditional network intrusion detection system (NIDS) is investigated in order to design and implement a high-performance distributed intrusion detection system (HDIDS) to detect network intruders by passively monitoring a network link. Experiments indicate that the data processing of our HDIDS is increased by about 3 times more than that of the traditional NIDS.