Abstract
Based on where the data sources are collected and analyzed, IDSs can be classified as centralized, distributed, and agent-based. In this chapter, we discuss each category in terms of its architecture and implementation.
The first generation of IDSs was generally implemented inside the mainframe computer systems that they monitored and protected. These host-based IDSs run on the target system in order to monitor and analyze operating system and host activities and to detect malicious behavior. Because of the overhead that such IDSs impose on the target system, the next generation of IDSs was proposed, in which intrusion monitoring, analysis, and detection are moved from the target system to a separate system. Most current IDSs are centralized systems. With a centralized architecture, all of the monitoring, detection, and response activities are controlled directly by a central console. Figure 5.1 illustrates a generic centralized IDS architecture.
© 2010 Springer-Verlag US
Ghorbani, A.A., Lu, W., Tavallaee, M. (2010). Architecture and Implementation. In: Network Intrusion Detection and Prevention. Advances in Information Security, vol 47. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-88771-5_5
DOI: https://doi.org/10.1007/978-0-387-88771-5_5
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-88770-8
Online ISBN: 978-0-387-88771-5