Indra: A Distributed Approach to Network Intrusion Detection and Prevention (2001) [3 citations — 0 self]
Abstract:
Abstract—While advances in computer and communications technology have made the network ubiquitous, they have also rendered networked systems vulnerable to malicious attacks orchestrated from a distance. These attacks, usually called cracker attacks or intrusions, start with crackers infiltrating a network through a vulnerable host and then going on to launch further attacks. Crackers depend on increasingly sophisticated techniques like using distributed attack sources. On the other hand, software that guards against them remains rooted in traditional centralized techniques, presenting an easily-targetable single point of failure. Scalable, distributed network intrusion prevention software is sorely needed. We propose Indra – a distributed scheme that depends on sharing information between trusted peers in a network to guard the network as a whole against intrusion attempts. We further describe a plugin mechanism that enables an administrator to simultaneously plug weaknesses in thousands of machines with a single E-Mail. A. Background I.
