DocumentCode
1806490
Title
Issue of Event Sequence in time of Distributed Intrusion Detection System
Author
Guoyuan, Lin ; Hao, Huang ; Tianjie, Cao
Author_Institution
Nanjing Univ., Nanjing
fYear
2007
fDate
18-21 Sept. 2007
Firstpage
215
Lastpage
222
Abstract
Distributed intrusion detection system (DIDS) is one of the important devices for information security. In this field, how to improve detection rate is one of the key issues. In this paper, the importance of event sequence in time is presented. Then, we discuss three factors, i.e. timestamp precision, time synchronization and network delay, which affect detection rate from the view of event sequence in time. Of the three aspects, timestamp precision is the key to keeping internal event sequence, time synchronization is the basis of correcting event sequence among computers, and network delay makes time-series analysis not true. Accordingly, we address some methods, i.e. raising timestamp precision, an active self-adapting time synchronization algorithm and a state turnabout mechanism. Experiments indicate that any one of the three measures can elevate detection performance to a certain extent. If they are all adopted, better detection results are revealed.
Keywords
computer networks; security of data; synchronisation; telecommunication security; time series; distributed intrusion detection system; event sequence; information security; network delay; time synchronization; time-series analysis; timestamp precision; Computer networks; Concurrent computing; Correlation; Delay effects; Distributed computing; Event detection; Information security; Intrusion detection; Laboratories; Parallel processing;
fLanguage
English
Publisher
ieee
Conference_Titel
Network and Parallel Computing Workshops, 2007. NPC Workshops. IFIP International Conference on
Conference_Location
Liaoning
Print_ISBN
978-0-7695-2943-1
Type
conf
DOI
10.1109/NPC.2007.120
Filename
4351487