Architecture and Implementation

Chapter in: Network Intrusion Detection and Prevention

Part of the book series: Advances in Information Security (ADIS, volume 47)

Abstract

Based on where the data sources are collected and analyzed, IDSs can be classified as centralized, distributed or agent-based. In this chapter, we discuss each category in terms of its architecture and implementation.

The first generation of IDSs was generally implemented inside the mainframe computer systems that they monitored and protected. These host-based IDSs run on the target system in order to monitor and analyze operating system and host activity and to detect malicious activity. Because of the overhead an IDS imposes on the target system, a next generation of IDSs was proposed in which intrusion monitoring, analysis and detection are moved from the target system to a separate system. Most current IDSs are centralized systems. With a centralized architecture, all of the monitoring, detection and response activities are controlled directly by a central console. Figure 5.1 illustrates a generic centralized IDS architecture.


Corresponding author: Ali A. Ghorbani

Copyright information

© 2010 Springer-Verlag US

Cite this chapter

Ghorbani, A.A., Lu, W., Tavallaee, M. (2010). Architecture and Implementation. In: Network Intrusion Detection and Prevention. Advances in Information Security, vol 47. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-88771-5_5

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-0-387-88770-8

  • Online ISBN: 978-0-387-88771-5
