Title :
SkipMon: A locality-aware Collaborative Intrusion Detection System
Author :
Emmanouil Vasilomanolakis;Matthias Krügl;Carlos Garcia Cordero;Max Mühlhäuser;Mathias Fischer
Author_Institution :
CASED / Telecooperation Lab, Technische Universität Darmstadt, Germany
Abstract :
Due to the increasing quantity and sophistication of cyber-attacks, Intrusion Detection Systems (IDSs) are nowadays considered mandatory security mechanisms for protecting critical networks. Research on cyber-security is moving from such isolated IDSs towards Collaborative IDSs (CIDSs) in order to protect large-scale networks. In CIDSs, a number of IDS sensors work together to create a holistic picture of the monitored network. Our contribution in this paper is a novel distributed and scalable CIDS, called SkipMon. Our system supports both the idea of locality and privacy-preserving communication by means of exchanging compact alert data. Furthermore, we propose a mechanism for interconnecting sensors that experience similar traffic patterns. The experimental results suggest that our CIDS, with our technique of connecting monitoring nodes that experience similar traffic, is scalable and offers a good accuracy rate compared to a centralized system with full knowledge of the participating sensors' data.
Keywords :
"Sensors","Monitoring","Routing","Peer-to-peer computing","Collaboration","Intrusion detection"
Conference_Title :
Computing and Communications Conference (IPCCC), 2015 IEEE 34th International Performance
Electronic_ISBN :
2374-9628
DOI :
10.1109/PCCC.2015.7410282