International Journal On Advances in Security, volume 5, numbers 3 and 4, 2012
A Distributed Hash Table Assisted Intrusion Prevention System
Authors:
Zoltán Czirkos
Márta Rencz
Gábor Hosszú
Keywords: collaborative intrusion detection; attack correlation; peer-to-peer; distributed hash table; Kademlia
Abstract:
Using collaborative intrusion detection to sense network intrusions comes at the price of handling an enormous amount of data generated by detection probes, and the problem of properly correlating the evidence collected at different parts of the network. The correlation between the recorded events has to be revealed, as it may be the case that they are part of a complex, large-scale attack, even if they manifested at different parts of the network. In this paper we describe the inner workings of a peer-to-peer network based intrusion detection system, which is able to handle the intrusion detection data efficiently while maintaining the accuracy of centralized approaches of correlation. The system is built on a distributed hash table, for which keys are assigned to each piece of intrusion data in a preprocessing step. The network traffic requirements of such a system, and the load balancing that can be achieved by using the Kademlia peer-to-peer overlay network, are discussed as well.
Pages: 134 to 143
Copyright: Copyright (c) to authors, 2012. Used with permission.
Publication date: December 31, 2012
Published in: journal
ISSN: 1942-2636