Detection of abrupt changes: theory and application
Detection of abrupt changes: theory and application
Wide area traffic: the failure of Poisson modeling
IEEE/ACM Transactions on Networking (TON)
Multi-agent reinforcement learning: independent vs. cooperative agents
Readings in agents
Intrusion detection using autonomous agents
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
An analysis of using reflectors for distributed denial-of-service attacks
ACM SIGCOMM Computer Communication Review
Service specific anomaly detection for network intrusion detection
Proceedings of the 2002 ACM symposium on Applied computing
Learning to Share Distributed Probabilistic Beliefs
ICML '02 Proceedings of the Nineteenth International Conference on Machine Learning
Learning Quantitative Knowledge for Multiagent Coordination TITLE2:
Learning Quantitative Knowledge for Multiagent Coordination TITLE2:
Network traffic anomaly detection based on packet bytes
Proceedings of the 2003 ACM symposium on Applied computing
Autograph: toward automated, distributed worm signature detection
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Data mining approaches for intrusion detection
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Accurate buffer overflow detection via abstract payload execution
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Detecting distributed denial of service attacks by sharing distributed beliefs
ACISP'03 Proceedings of the 8th Australasian conference on Information security and privacy
Nearly monotonic problems: a key to effective FA/C distributed sensor interpretation?
AAAI'96 Proceedings of the thirteenth national conference on Artificial intelligence - Volume 1
Data fusion with minimal communication
IEEE Transactions on Information Theory
Internet infrastructure security: a taxonomy
IEEE Network: The Magazine of Global Internetworking
Hybrid Intrusion Forecasting Framework for Early Warning System
IEICE - Transactions on Information and Systems
The curse of ease of access to the internet
ICISS'07 Proceedings of the 3rd international conference on Information systems security
Review: A review of novelty detection
Signal Processing
| Hi-index | 0.00 |
In this paper, we present an information sharing model for distributed intrusion detection systems. The typical challenges faced by distributed intrusion detection systems is what information to share and how to share information. We address these problems by using the Cumulative Sum algorithm to collect statistics at each local system, and use a machine learning approach to coordinate the information sharing among the distributed detection systems. Our major contributions are two-fold. First, we propose a simple but robust scheme to monitor changes in the local statistics. Second, we present a learning algorithm to decide when to share information so that both the communication overhead among the distributed detection systems and the detection delay are minimized. We demonstrate the application of our information sharing model to a specific distributed intrusion detection scenario. We show that our approach is able to optimize the trade-off between the time required to detect an attack, and the volume of communication between the distributed intrusion detection systems.