
Proceedings Paper

Weighted link graphs: a distributed IDS for secondary intrusion detection and defense
Author(s): Mian Zhou; Sheau-Dong Lang

Paper Abstract

While a firewall installed at the perimeter of a local network provides the first line of defense against hackers, many intrusion incidents result from successful penetration of the firewall. One computer's compromise often puts the entire network at risk. In this paper, we propose an IDS that provides finer control over the internal network. The system focuses on variations in the connection-based behavior of each individual computer, and uses a weighted link graph to visualize the overall traffic abnormalities. Our system functions as a distributed personal IDS that also provides centralized traffic analysis through graphical visualization. We use a novel weight assignment schema for local detection within each end agent. Local abnormalities are quantified by the node weight and link weight, which are then sent to the central analyzer to build the weighted link graph. Thus, we distribute the burden of traffic processing and visualization to each agent, making overall intrusion detection more efficient. Because LANs are more vulnerable to inside attacks, our system is designed as a reinforcement to prevent corruption from the inside.

Paper Details

Date Published: 28 March 2005
PDF: 13 pages
Proc. SPIE 5812, Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2005, (28 March 2005); doi: 10.1117/12.603857
Mian Zhou, Univ. of Central Florida (United States)
Sheau-Dong Lang, Univ. of Central Florida (United States)


Published in SPIE Proceedings Vol. 5812:
Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2005
Belur V. Dasarathy, Editor(s)

© SPIE.