International Journal of Communication Networks and Information Security (IJCNIS)

Because all vulnerabilities of a network cannot be predicted beforehand, and penetration of the system cannot always be prevented, intrusion detection systems have become necessary to ensure the security of a network.  The intrusion detection systems need to be accurate, adaptive, and extensible. Given these requirements and the complexities of today’s network environments, the design of an intrusion detection system has become a very challenging task. A great deal of research has been conducted on intrusion detection in a distributed environment to circumvent the problems of centralized approaches. However, distributed intrusion detection systems suffer from a number of drawbacks e.g., high rates of false positives, low efficiency etc. In this paper, the architecture of a fully distributed intrusion detection system is proposed that uses a set of autonomous and cooperating agents. The system has also the capability of isolating compromised nodes from the intrusion detection activity thereby ensuring fault-tolerance in computation. The experiments conducted on the prototype of the system have shown the effectiveness of the scheme.