Title
Weighted Link Graphs: A Distributed IDS For Secondary Intrusion Detection And Defense
Abstract
While a firewall installed at the perimeter of a local network provides the first line of defense against hackers, many intrusion incidents result from successful penetration of the firewall. The compromise of one computer often puts the entire network at risk. In this paper, we propose an IDS that provides finer control over the internal network. The system focuses on variations in the connection-based behavior of each individual computer, and uses a weighted link graph to visualize the overall traffic abnormalities. Our system functions as a distributed personal IDS that also provides centralized traffic analysis through graphical visualization. We use a novel weight assignment scheme for local detection within each end agent. Local abnormalities are expressed quantitatively as node weights and link weights, which are then sent to the central analyzer to build the weighted link graph. Thus, we distribute the burden of traffic processing and visualization across the agents, making the overall intrusion detection more efficient. As LANs are more vulnerable to inside attacks, our system is designed as a reinforcement to prevent corruption from the inside.
Publication Date
11-10-2005
Publication Title
Proceedings of SPIE - The International Society for Optical Engineering
Volume
5812
Number of Pages
39-51
Document Type
Article; Proceedings Paper
Personal Identifier
scopus
DOI Link
https://doi.org/10.1117/12.603857
Copyright Status
Unknown
Scopus ID
27544459509 (Scopus)
Source API URL
https://api.elsevier.com/content/abstract/scopus_id/27544459509
STARS Citation
Zhou, Mian and Lang, Sheau Dong, "Weighted Link Graphs: A Distributed IDS For Secondary Intrusion Detection And Defense" (2005). Scopus Export 2000s. 3562.
https://stars.library.ucf.edu/scopus2000/3562