Intrusion Detection Using Third-Parties Support

Intrusions are one of the most important issues in the current Internet environment. Therefore, a lot of researchers and companies elaborated countermeasure techniques such as intrusion detection systems (IDS) and intrusion prevention systems (IPS). These systems detect intrusions and prevent attackers from succeeding in their intrusion attempts. They usually rely on pattern matching and therefore, work efficiently on known-attacks. However, they do not work efficiently on unknown-attacks such as zero-day attacks and targeted attacks. This means, we should assume that our machines can be corrupted anytime. Therefore, we should consider what we can do under this assumption for a next generation security framework. In this paper, we propose a new intrusion detection methodology using the support of other machines. In our proposal, when an attacker tries to attack other machines from a corrupted machine that the attacker has already intruded, other machines notify it to the administrator of the corrupted machine. Then, the attacker may lose the corrupted machine. Therefore, the attacker restrains itself from imprudently attacking other machines. This will suppress the propagation of corrupted machines in the Internet.