Intrusion Detection Systems have undergone rapid growth in power, scope and complexity in their short history. Most IDS share a similar underlying structure: agents reporting detections to a management system. Recent increases in malicious network activity worldwide have precipitated the need for IDS with global scope. These distributed Intrusion Detection Systems (dIDS) multiply the power of a single IDS by marrying an attack correlation engine with a database of events obtained from a large number of geographically dispersed agents. This provides a global view of existing and emerging attack patterns and security events, allowing rapid notification and facilitating development of countermeasures. A number of dIDS with global scope have been active for several years, and are rapidly evolving as the nature of the threats changes. Five of these are discussed and compared with each other in terms of focus, data source, notification tools, available agents, statistical reporting tools and linkage to security and vulnerability information.