Title

Weighted Link Graphs: A Distributed IDS for Secondary Intrusion Detection and Defense

Abstract

While a firewall installed at the perimeter of a local network provides the first line of defense against hackers, many intrusion incidents are the result of successful penetration of the firewall. One computer's compromise often puts the entire network at risk. In this paper, we propose an IDS that provides finer control over the internal network. The system focuses on the variations in the connection-based behavior of each single computer, and uses a weighted link graph to visualize the overall traffic abnormalities. Our system functions as a distributed personal IDS that also provides centralized traffic analysis through graphical visualization. We use a novel weight assignment schema for local detection within each end agent. The local abnormalities are expressed quantitatively by the node weight and link weight and then sent to the central analyzer to build the weighted link graph. Thus, we distribute the burden of traffic processing and visualization to each agent and make the overall intrusion detection more efficient. As LANs are more vulnerable to inside attacks, our system is designed as a reinforcement to prevent corruption from the inside.

Publication Date

11-10-2005

Publication Title

Proceedings of SPIE - The International Society for Optical Engineering

Volume

5812

Number of Pages

39-51

Document Type

Article; Proceedings Paper

Personal Identifier

scopus

DOI Link

https://doi.org/10.1117/12.603857

Scopus ID

27544459509 (Scopus)

Source API URL

https://api.elsevier.com/content/abstract/scopus_id/27544459509

This document is currently not available here.
