An analysis of distributed sensor data aggregation for network intrusion detection

  • Authors:

  • John C. McEachen;Cheng Wai Kah

  • Affiliations:

  • 833 Dyer Rd. Rm. 437, Code EC/Mj, Department of Electrical and Computer Engineering, Naval Postgraduate School, Monterey, California, USA;833 Dyer Rd. Rm. 437, Code EC/Mj, Department of Electrical and Computer Engineering, Naval Postgraduate School, Monterey, California, USA

  • Venue:
  • Microprocessors & Microsystems
  • Year:
  • 2007

Quantified Score

Hi-index 0.00

Visualization

Abstract

A current trend in computer network intrusion detection is to deploy a network of traffic sensors, or agents, throughout the network and forward sensed information back to a central processor. As these systems start to incorporate hundreds, even thousands, of sensors, managing and presenting the information from these sensors is becoming an increasingly difficult task. This paper explores the use of conversation exchange dynamics (CED) to integrate and display sensor information from multiple nodes. We present an experimental setup consisting of multiple sensors reporting individual findings to a central server for aggregated analysis. Different scenarios of network attacks and intrusions were planned to investigate the effectiveness of the distributed system. The network attacks were taken from the M.I.T. Lincoln Lab 1999 Data Sets. The distributed system was subjected to different combinations of network attacks in various parts of the network. The results were then analyzed to understand the behavior of the distributed system in response to the different attacks. In general, the distributed system detected all attacks under each scenario. Some surprising observations also indicated attack responses occurring in unanticipated scenarios.