Research Assistants: J.S. Balasubramani, M. Crosbie, S.A. Kazi, G. Krishnan, K.F. Stein, A. Sundaram, D. Wang
Sponsor: COAST Laboratory sponsors
We address the problem of intrusion detection in an entirely new manner -- instead of a monolithic Intrusion Detection System (IDS) design, we propose a distributed architecture. The approach is to populate hosts in a distributed system with many small, single-purpose detector agents. These agents monitor various aspects of system behavior, and report unusual behavior to one or more monitoring stations. The monitoring stations integrate the many reports into a comprehensible display.
Our design has the advantages of scalability, efficiency, fault-tolerance, and easy configurability. Agents can be customized per host, replicated for fault tolerence, and deployed where especially needed. The impact of these agents is considerably smaller than that of a monolithic monitor.