The Intrusion Detection System for Peer-to-Peer Computing Environment

• Main Authors: Hung-Yi Laoi, 廖泓益
• Other Authors: Y.T Chen
• Format: Others
• Language: en_US
• Published: 2002
• Online Access: http://ndltd.ncl.edu.tw/handle/88771556980584224214

碩士 === 國立臺灣科技大學 === 電子工程系 === 90 === Peer-to-Peer applications, such as Napster, become popular over the past several years, but the security in Peer-to-Peer computing environment is still a challenge issue. Only one malicious Peer can influence the whole Peer-to-Peer network. In this paper, we present an agent-based IDS architecture, which can use in large-scale Peer-to-Peer computing environment. The centerpiece of mobile agents includes a network-based misuse detection system based on SNORT to detect network-level attacks, and a host-based anomaly detection system to detect application-level attacks. We also propose a novel window-based chi-square algorithm to detect application-level intrusions. To evaluate the performance of the proposed algorithm, we conduct a comprehensive computer simulation based on the data provided by MIT Lincoln Lab. The results indicate the proposed window-based chi-square algorithm can achieve high detection rate at 92.05% and low false rate at 2.21% for HTTP session, which is better than the existing anomaly detection schemes.