Document Type
Technical Report
Publication Date
2001-01-01
Technical Report Number
WUCS-01-30
Abstract
While advances in computer and communications technology have made the network ubiquitous, they have also rendered networked systems vulnerable to malicious attacks orchestrated from a distance. These attacks, usually called cracker attacks or intrusions, start with crackers infiltrating a network through a vulnerable host and then going on to launch further attacks. Crackers depend on increasingly sophisticated techniques like using distributed attack sources. On the other hand, software that guards against them remains rooted in traditional centralized techniques, presenting an easily-targetable single point of failure. Scalable, distributed network intrusion prevention software is sorely needed. We propose Indra - a distributed scheme that depends on sharing information between trusted peers in a network to guard the network as a whole against intrusion attempts. We further describe a plugin mechanism that enables an administrator to simultaneously plug weaknesses in thousands of machines with a single E-Mail.
Recommended Citation
Zhang, Qi and Janakiraman, Ramaprabhu, "Indra: A Distributed Approach to Network Intrusion Detection and Prevention" Report Number: WUCS-01-30 (2001). All Computer Science and Engineering Research.
https://openscholarship.wustl.edu/cse_research/268
Comments
Permanent URL: http://dx.doi.org/10.7936/K7M043N3