Travelling Information For Intrusion Prevention Systems

摘要

The proliferation of wideband connections while opening the market to a wealth of new web based applications has also provided a pervasive set of injection points for malicious network traffic. This fact has generated a new storm of network attacks that every day generates a non negligible amount of network traffic. Intrusion Detection Systems (IDS) aim at preventing the delivery of malicious traffic to targeted systems thus preventing damage at the end point of the attack, however they are positioned either on a single host or on very peripheral routers, thus they do not provide any help in reducing the amount of malicious traffic roaming the network. The sheer amount of traffic to be analyzed prevents any attempt to move intrusion detection to core routers, however Distributed Intrusion Detection Systems (DIDS) may provide a solution. In past works DIDS have been envisioned as cooperative clusters of traditional IDS, in this paper we present a novel methodology that allows distributing the computational load of intrusion detection on several nodes thus allowing to empower the network itself of intrusion detection and prevention capabilities.