• DocumentCode
    3511417
  • Title

    A Multiple Keyword Fusion Scheme for P2P IDS Alert

  • Author

    Xu, Ming ; Lin, Chaochi ; Chen, Qin

  • Author_Institution
    Inst. of Comput. Applic. Technol., HangZhou Dianzi Univ., Hangzhou
  • fYear
    2008
  • fDate
    1-3 Nov. 2008
  • Firstpage
    317
  • Lastpage
    320
  • Abstract
    Alert fusion is a key problem in distributed intrusion detection systems (DIDS). The paper proposes a distributed intrusion alert fusion scheme based on multiple keywords and a routing infrastructure, the distributed hash table (DHT). All the related alerts produced by local sensors can be routed to and fused at their corresponding peers by multiple keywords, while unrelated alerts are evenly distributed to different peers. We evaluate our scheme with a real-world intrusion detection dataset (DShield Dataset), which has collected firewall and NIDS logs from over 1600 administrators across the world. Experimental results show that our scheme scales well and can achieve significant improvement in load balancing.
  • Keywords
    distributed processing; peer-to-peer computing; security of data; DHT; DShield Dataset; P2P IDS alert; distributed hash table; distributed intrusion alert fusion scheme; distributed intrusion detection system; load balancing; multiple keyword fusion scheme; routing infrastructure; Chaotic communication; Computer applications; Computer worms; Intelligent networks; Intelligent systems; Intrusion detection; Peer to peer computing; Routing; Sensor phenomena and characterization; Sensor systems;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Intelligent Networks and Intelligent Systems, 2008. ICINIS '08. First International Conference on
  • Conference_Location
    Wuhan
  • Print_ISBN
    978-0-7695-3391-9
  • Electronic_ISBN
    978-0-7695-3391-9
  • Type

    conf

  • DOI
    10.1109/ICINIS.2008.43
  • Filename
    4683229