An analysis of distributed sensor data aggregation for network intrusion detection

• Published in: Microprocessors and microsystems Vol. 31; no. 4; pp. 263 - 272
• Main Authors: McEachen, John C., Wai Kah, Cheng
• Format: Journal Article
• Language: English
• Published: Elsevier B.V 01.06.2007
• Subjects: Configuration monitoring; Conversation exchange dynamics; Data mining; Distributed network intrusion detection; Network security; Statistical mechanics; Configuration monitoring; Network security; Distributed network intrusion detection; Data mining; Statistical mechanics; Conversation exchange dynamics
• ISSN: 0141-9331; 1872-9436
• DOI: 10.1016/j.micpro.2007.01.001

A current trend in computer network intrusion detection is to deploy a network of traffic sensors, or agents, throughout the network and forward sensed information back to a central processor. As these systems start to incorporate hundreds, even thousands, of sensors, managing and presenting the information from these sensors is becoming an increasingly difficult task. This paper explores the use of conversation exchange dynamics (CED) to integrate and display sensor information from multiple nodes. We present an experimental setup consisting of multiple sensors reporting individual findings to a central server for aggregated analysis. Different scenarios of network attacks and intrusions were planned to investigate the effectiveness of the distributed system. The network attacks were taken from the M.I.T. Lincoln Lab 1999 Data Sets. The distributed system was subjected to different combinations of network attacks in various parts of the network. The results were then analyzed to understand the behavior of the distributed system in response to the different attacks. In general, the distributed system detected all attacks under each scenario. Some surprising observations also indicated attack responses occurring in unanticipated scenarios.