Abstract
The importance of the network security problems comes into prominence with the growth of the Internet. This article presents a special approach to the intrusion detection (ID) problem, which relies on the collaboration of the protection programs running on different hosts. Computers connected to networks are to be protected by various means (Kemmerer & Vigna, 2002). The collaboration of the elements of the proposed intrusion detection system uses the so-called peer-to-peer (P2P) communication model. The article first presents the usage of the P2P paradigm for improving the protection of the operating systems (Bauer, 2005).
Key Terms in this Chapter
Distributed System: The components of the system are geographically far from each other, usually without a central management. Typically the overlay networks based on the P2P model (see below) are distributed.
Peer-to-Peer (P2P) Model: A communication way where each node has the same authority and communication capability. These nodes create a virtual network, overlaid on the Internet. The members of the overlay organize themselves into a topology for data transmission.
Intrusion: An attacker gaining access to some computer system, to steal or damage data, or to control and use its resources.
Byzantine Node: A participant in a system, which tries to damage its operation intentionally; for example by not forwarding messages to other participants.
Intrusion Detection System (IDS): It can examine the contents of the packets allowed through the firewall. It monitors network traffic to look for known signature attack patterns. When malicious traffic is observed, the IDS generates an alert.
Client/Server Model: A way of communication, in which one host has more functionality than the other. It differs from the P2P model (see below).
Application Level Network (ALN): The applications, which are running in the hosts, can create a virtual network from their logical connections. This is also called an overlay network. The operations of such software entities are not understandable without knowing their logical relations. In most cases this ALN software entities use the P2P model (see below), not the client/server (see below) one for the communication.
Security Policy: A set of rules, which are used to manage expectations and provisions of how a system should be used. These rules should be obeyed by users as well as administrators of the system.
Firewall: This is a host or router, which provides a strict gateway to the Internet for a subnetwork, checking traffic and maybe dropping some network packets.
Scale-Free Networks: A network is scale-fee if there is no single characteristic scale as measured by node degree, which is the number of link per node. In scale-free networks the majority of the nodes have few links, however, a small number of nodes have many links.