Intrusion Detection Force: an infrastructure for Internet-scale intrusion detection

Abstract

Intrusion detection systems (IDSs) are usually deployed within the confines of an organization. There is usually no exchange of information between an IDS in one organization with those in other organizations. The effectiveness of IDSs at detecting present-day sophisticated attacks would increase significantly if there are inter-organizational communication and sharing of information among IDSs. We envision a global Internet-scale defense infrastructure, which we call the Intrusion Detection Force (IDF), that would protect organizations and defend the Internet as a whole. The paper provides a blueprint of the IDF, where we discuss the requirements to deploy such an infrastructure, and describe its architecture and design in terms of its basic building blocks and major components. We also describe a few at:applications of the IDF architecture, and provide a small experimental prototype that we are currently extending as part of our vision to implement the full IDF infrastructure.