Distributed Intrusion Detection: Simulation and Evaluation of Two Methodologies

The proliferation of wideband connections while opening the market to a wealth of Web based applications has also provided a pervasive set of injection point for malicious network traffic. This fact has generated a new storm of network attacks that every day generates a non negligible amount of network traffic. Intrusion Detection Systems (IDS) aim at preventing the delivery of malicious traffic to targeted systems thus preventing damage at the end point of the attack, however they are positioned either on a single host or on very peripheral routers, thus they do not provide any help in reducing the amount of malicious traffic roaming the network. The sheer amount of traffic to be analyzed prevents any attempt to move intrusion detection to core routers, however Distributed Intrusion Detection Systems (DIDS) may provide a solution. In past works DIDS have been envisioned as cooperative clusters of traditional IDS, in this paper we present two novel methodologies that could allow distributing the computational load of intrusion detection on several nodes and a simulation tool that allows us to evaluate the impact of these methodologies on the nodes involved.