Jaydip Sen, Indranil Sengupta. Autonomous Agent Based Distributed Fault-Tolerant Intrusion Detection System. In Goutam Chakraborty, editor, Distributed Computing and Internet Technology, Second International Conference, ICDCIT 2005, Bhubaneswar, India, December 22-24, 2005, Proceedings. Volume 3816 of Lecture Notes in Computer Science, pages 125-131, Springer, 2005. [doi]
Because all vulnerabilities of a network cannot be realized, and penetration of the system cannot always be prevented, intrusion detection systems have become necessary to ensure the security of a network. The intrusion detection systems need to be accurate, adaptive, and extensible. Given these requirements and the complexities of today’s network environments, the design of an intrusion detection system has become a very challenging task. A great deal of research has been conducted on intrusion detection in a distributed environment to circumvent the problems of centralized approaches. However, distributed intrusion detection systems suffer from a number of drawbacks e.g., high rates of false positives, low efficiency etc. In this paper, we propose the architecture of a fully distributed intrusion detection system that uses a set of autonomous but cooperating agents. The system has also the capability of isolating compromised nodes from intrusion detection activity thereby ensuring fault-tolerance in computation.