A Distributed Network Intrusion Detection System with Active Surveillance Agent

Bin Zeng, Lu Yao, Rui Wang

Abstract


A distributed network intrusion detection system (IDS) called SA-NIDS is proposed based on the network-based intrusion detection architecture. It includes three basic components, Local Intrusion Detection Monitor (LIDM), Global Intrusion Detection Controller (GIDC), and Surveillance Agent (SA). Basically, the LIDM is used to do packets capturing, packets de-multiplexing, local intrusion detection and intrusion inferring. The GIDC is installed in administration center for communicating and managing LIDMs, it can also do the intrusion detection and intrusion inferring. The SA contains several optional functions for information gathering. After an attack behavior is discovered, the SA may be used to launch some kinds of information gathering to the attacker, so that the proposed SA-NIDS has the active surveillance ability. For the intrusion inferring, the pattern matching and the statistical approach are applied in SA-NIDS. The experimental results can satisfy the needs of network information safety.

 

 DOI: http://dx.doi.org/10.11591/telkomnika.v11i10.3707


Keywords


Information Security; Intrusion Detection System; Multi-Agent System; Pattern Matching

Full Text:

PDF

Refbacks

  • There are currently no refbacks.


Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

shopify stats IJEECS visitor statistics