A Novel Application of the P2P Technology for Intrusion Detection

Zoltán Czirkos (Budapest University of Technology and Economics, Hungary) and Gábor Hosszú (Budapest University of Technology and Economics, Hungary)
DOI: 10.4018/978-1-60566-060-8.ch196

Abstract

Network security problems have gained prominence with the growth of the Internet. This article presents a new kind of software that uses the network itself to protect hosts and increase their security. The hosts running this software create an application-level network (ALN) over the Internet (Hosszú, 2005). Nodes connected to this ALN check their operating systems’ log files to detect intrusion attempts. The information collected this way is then shared over the ALN to increase the security of all peers, which can then take the necessary protective steps, for example, blocking network traffic with their own firewalls. Other kinds of security software that make use of the network have been written previously (Snort, 2006). The novelty of Komondor is that the client software entities running on each host create a peer-to-peer (P2P) overlay network (Czirkos, 2006). Organization is automatic; it requires no user interaction. This network model ensures stability, which is important for quick and reliable communication between nodes. Because of this structure, the system remains useful over an unstable network.
