Distributed Intrusion Detection Systems: A Computational Intelligence Approach

Abstract

Computer security is defined as the protection of computing systems against threats to confidentiality, integrity and availability. An intrusion is defined as any set of actions that attempt to compromise the integrity, confidentiality or availability of a resource. The process of monitoring the events occurring in a computer system or network and analyzing them for sign of intrusions is known as Intrusion Detection System (IDS). A Distributed IDS (DIDS) consists of several IDS over a large network (s), all of which communicate with each other, or with a central server that facilitates advanced network monitoring. In a distributed environment, DIDS are implemented using co-operative intelligent agents distributed across the network(s). This chapter presents a framework for a DIDS comprised of a multi-agent framework with computational intelligent techniques, to reduce the data features to create lightweight detection systems and a hybrid-intelligent system approach to improve detection accuracy.