Evaluation of a decentralized architecture for large scale collaborative intrusion detection
Chenfeng Vincent Zhou, Shanika Karunasekera, Christopher Leckie
2007 10TH IFIP/IEEE INTERNATIONAL SYMPOSIUM ON INTEGRATED NETWORK MANAGEMENT (IM 2009), VOLS 1 AND 2 | IEEE | Published : 2007
An important problem in network intrusion detection is how to detect large scale coordinated attacks such as scans, worms and denial-of-service attacks. These coordinated attacks can be difficult to detect at an early stage, since the evidence of the attack may be widely distributed across different subnetworks in the Internet. A critical issue for research is how to detect these large scale attacks by correlating information from multiple intrusion detection systems in an efficient manner. Several collaborative detection systems have been proposed in the literature. However, these proposals have lacked large scale testing in real networks, and the practicalities of how to optimize the trade..View full abstract
We thank National ICT Australia for funding this work.