A Robust and Fault-Tolerant Distributed Intrusion Detection System

TL;DR

This paper proposes a distributed intrusion detection system with autonomous agents that effectively detects attacks, isolates compromised nodes, and demonstrates high detection accuracy with low false positives in experiments.

Contribution

It introduces a fault-tolerant distributed IDS with autonomous, cooperating agents capable of attack detection and node isolation, improving detection efficiency and reducing false positives.

Findings

High detection efficiency demonstrated in experiments

Low false positive rate achieved

Effective identification and isolation of compromised nodes

Abstract

Since it is impossible to predict and identify all the vulnerabilities of a network, and penetration into a system by malicious intruders cannot always be prevented, intrusion detection systems (IDSs) are essential entities for ensuring the security of a networked system. To be effective in carrying out their functions, the IDSs need to be accurate, adaptive, and extensible. Given these stringent requirements and the high level of vulnerabilities of the current days' networks, the design of an IDS has become a very challenging task. Although, an extensive research has been done on intrusion detection in a distributed environment, distributed IDSs suffer from a number of drawbacks e.g., high rates of false positives, low detection efficiency etc. In this paper, the design of a distributed IDS is proposed that consists of a group of autonomous and cooperating agents. In addition to its ability to detect attacks, the system is capable of identifying and isolating compromised nodes in the network thereby introducing fault-tolerance in its operations. The experiments conducted on the system have shown that it has high detection efficiency and low false positives compared to some of the currently existing systems.