A Peer-to-Peer Architecture for Detecting Attacks from Network Traffic and Log Data

Abstract

Intrusion detection systems (IDS) support the recognition of attacks, based on the analysis of either network traffic data (Network-based IDS) or application/system logs stored in a host (Host-based IDS). Exploiting heterogeneous data coming from both kinds of sources could be useful to detect coordinated attacks and to reduce the number of false alarms, but poses challenges in terms of both information integration and scalability. In order to foster the development of such a hybrid IDS, we here propose a p2p intrusion detection architecture, which combines different data manipulation/mining techniques and a collaborative ensemble-based learning approach, and allows to incrementally classify attacks by integrating information extracted from both network traffic data and host logs. Preliminary experiments, conducted on real-life dataset, show that the approach is promising.