Intrusion detection in real-time in a multi-node, multi-host environment

Approved for public release; distribution is unlimited. While there exist many tools and methods used to recognize intrusions into single system environments, there are few that can recognize and handle attacks in real time. This group is further reduced when adding the complexity of recognizing...


Bibliographic Details
Main Author: Barrus, Joseph D.
Other Authors: Rowe, Neil
Language: English
Published: Monterey, California. Naval Postgraduate School 2012
Online Access: http://hdl.handle.net/10945/8567
spelling ndltd-nps.edu-oai-calhoun.nps.edu-10945-85672015-08-30T16:00:52Z Intrusion detection in real-time in a multi-node, multi-host environment Barrus, Joseph D. Rowe, Neil Broersma, Ronald Software Engineering Approved for public release; distribution is unlimited While there exist many tools and methods used to recognize intrusions into single system environments, there are few that can recognize and handle attacks in real time. This group is further reduced when adding the complexity of recognizing and handling intrusions occurring in a heterogeneous networked environments. The results of the thesis are an open architecture design for a real-time intrusion detection system to handle intrusions in a heterogeneous network and the system requirements, specifications, protocols and software module design to support an implementation of a system using this architecture. The architecture presented herein comprises a distributed system of autonomous agents that reside on the various hosts in a network. These agents communicate with each other in a coordinated effort to identify and respond to intrusions into the network by sending messages to each other detailing the identity and threat level of a potential or imminent attack. To quantify the threat level of an ongoing attack, this thesis also presents an alert level hierarchy based on the danger level and transferability of the threat to the various hosts within the network 2012-08-09T19:21:36Z 2012-08-09T19:21:36Z 1997-09 http://hdl.handle.net/10945/8567 eng Monterey, California. Naval Postgraduate School
collection NDLTD
language English
sources NDLTD
description Approved for public release; distribution is unlimited. While there exist many tools and methods used to recognize intrusions into single system environments, there are few that can recognize and handle attacks in real time. This group is further reduced when adding the complexity of recognizing and handling intrusions occurring in heterogeneous networked environments. The results of the thesis are an open architecture design for a real-time intrusion detection system to handle intrusions in a heterogeneous network and the system requirements, specifications, protocols and software module design to support an implementation of a system using this architecture. The architecture presented herein comprises a distributed system of autonomous agents that reside on the various hosts in a network. These agents communicate with each other in a coordinated effort to identify and respond to intrusions into the network by sending messages to each other detailing the identity and threat level of a potential or imminent attack. To quantify the threat level of an ongoing attack, this thesis also presents an alert level hierarchy based on the danger level and transferability of the threat to the various hosts within the network.