CAFS: a novel lightweight cache-based scheme for large-scale intrusion alert fusion
Concurrency and Computation: Practice & Experience
Wild-Inspired Intrusion Detection System Framework for High Speed Networks (φ|π) IDS Framework
International Journal of Information Security and Privacy
Alert fusion is a key problem in distributed intrusion detection systems (DIDS). The paper proposes a distributed intrusion alert fusion scheme based on multiple keywords and a routing infrastructure, the distributed hash table (DHT). All related alerts produced by local sensors can be routed to, and fused at, their corresponding peers by multiple keywords, while unrelated alerts are evenly distributed to different peers. We evaluate our scheme with a real-world intrusion detection dataset (the DShield dataset), which consists of firewall and NIDS logs collected from over 1600 administrators across the world. Experimental results show that our scheme scales well and achieves a significant improvement in load balancing.
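The keyword-based routing idea in the abstract can be sketched as follows. This is an added example, not the paper's implementation. It assumes a consistent-hash ring as a stand-in for the DHT, source address and destination port as the keywords, hypothetical peer names, and constructed sample alerts.

```python
import hashlib
from bisect import bisect_right
from collections import defaultdict

def h(value: str) -> int:
    """Map a string onto a 160-bit identifier space (SHA-1, an assumed choice)."""
    return int.from_bytes(hashlib.sha1(value.encode()).digest(), "big")

class Ring:
    """Minimal consistent-hash ring standing in for the DHT routing layer."""
    def __init__(self, peers, vnodes=64):
        # Each peer owns several virtual points so keys spread evenly.
        self.points = sorted((h(f"{p}#{i}"), p) for p in peers for i in range(vnodes))
        self.ids = [pt for pt, _ in self.points]

    def lookup(self, key: str) -> str:
        # The responsible peer is the successor of the key's hash, with wrap-around.
        idx = bisect_right(self.ids, h(key)) % len(self.points)
        return self.points[idx][1]

def keywords(alert: dict) -> list:
    # Assumed keyword set: one routing key per attribute used for correlation.
    return [f"src:{alert['src']}", f"dport:{alert['dport']}"]

def route(ring, alerts):
    """Publish each alert under every keyword; returns peer -> keyword -> sensors."""
    store = defaultdict(lambda: defaultdict(set))
    for a in alerts:
        for kw in keywords(a):
            store[ring.lookup(kw)][kw].add(a["sensor"])
    return store

# Constructed sample alerts (documentation address ranges), not DShield data.
ALERTS = [
    {"sensor": "s1", "src": "203.0.113.7", "dport": 445},
    {"sensor": "s2", "src": "203.0.113.7", "dport": 22},
    {"sensor": "s3", "src": "198.51.100.9", "dport": 445},
    {"sensor": "s4", "src": "192.0.2.55", "dport": 3389},
]
RING = Ring([f"peer{i}" for i in range(8)])  # hypothetical peer names

def fused_sensors(keyword: str) -> set:
    """Sensors whose alerts meet under one keyword at its responsible peer."""
    return set(route(RING, ALERTS)[RING.lookup(keyword)].get(keyword, set()))

if __name__ == "__main__":
    for kw in ("src:203.0.113.7", "dport:445", "dport:3389"):
        print(kw, "->", RING.lookup(kw), sorted(fused_sensors(kw)))
```

Alerts from different sensors that share a keyword meet at one peer without any central collector, while distinct keywords hash to different parts of the ring.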