A Distributed Intrusion Detection System with Protection from an Internal Intruder

Automatic Control and Computer Sciences

Abstract

The protection of modern distributed information networks from external and internal intruders continues to be of great importance due to the development of data transmission and processing technology. This article describes a model of data processing in a distributed intrusion detection system (DIDS) and a method of using hidden agents to protect against an internal intruder. The distribution of data processing functions between the DIDS local agent and the central data processing node is presented. We describe a method of hiding the agent's presence from the system user while retaining the operator's control over it.



ACKNOWLEDGMENTS

The results of the work were obtained using the computing resources of the supercomputing center of Peter the Great St. Petersburg Polytechnic University (SCC Polytekhnicheskii) (http://www.spbstu.ru).

This work was financially supported by the Ministry of Education and Science of the Russian Federation in the framework of the Federal Targeted Program “Research and Development in the High-Priority Areas of Development of the Scientific and Technology sector of Russia for 2014–2020,” agreement no. 14.578.21.0231, unique agreement identifier RFMEFI57817X0231.

Author information

Corresponding author

Correspondence to M. A. Poltavtseva.

Additional information

Translated by Yu. Bezlepkina

About this article

Cite this article

Shterenberg, S.I., Poltavtseva, M.A. A Distributed Intrusion Detection System with Protection from an Internal Intruder. Aut. Control Comp. Sci. 52, 945–953 (2018). https://doi.org/10.3103/S0146411618080230

  • DOI: https://doi.org/10.3103/S0146411618080230
