Enhancing interoperability and stateful analysis of cooperative network intrusion detection systems

Michele Colajanni, Daniele Gozzi, Mirco Marchetti
2007 Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems - ANCS '07  
A traditional Network Intrusion Detection System (NIDS) is based on a centralized architecture that does not satisfy the needs of most modern network infrastructures characterized by high traffic volumes and complex topologies. The problem of decentralized NIDS based on multiple sensors is that each of them gets just a partial view of the network traffic and this prevents a stateful and fully reliable traffic analysis. We propose a novel cooperation mechanism that addresses the previous issues
more » ... hrough an innovative state management and state migration framework. It allows multiple decentralized sensors to share their internal state, thus accomplishing innovative and powerful traffic analysis. The advanced functionalities and performance of the proposed cooperative framework for network intrusion detection systems are demonstrated through a fully operative prototype.
doi:10.1145/1323548.1323576 dblp:conf/ancs/ColajanniGM07 fatcat:sb5oufupjbbz7j75pok2birjie