Cooperating systems for Global Intrusion Detection and Tolerance

In this paper, we propose to cooperate multi level IDSs through the use of an architecture called global intrusion detection and tolerance architecture (GIDTA). GIDTA allows the detection of distributed attacks at their early stages using the collection, correlation, and exchange of data provided by different network components and the structures available at the operating system level and the disk management level. In addition, major detection and tolerance capabilities are protected against intruders attempts since they are performed by compromise independent components. The GIDTA components implement different functions based on global and hierarchical models allowing flee grained distributed analysis, and including intelligent capabilities that are able to impose a dynamic behavior taking into consideration the security state of the cooperating entities. A protocol called a neighbor identification protocol is designed to enhance detection and tolerance capabilities. Finally, GIDTA is validated based on the actions it performs in an environment that integrates an airport distributed application, including a flight management system.