Technical Report Number
While advances in computer and communications technology have made the network ubiquitous, they ahve also rendered networked systems vulnerable to malicious attacks orchestrated from a distance. These attacks, usually called cracker attacks or intrusions, start with crackers infiltrating a network through a vulnerable host and then going on to launch further attacks. Crackers depend on increasingly sophisticated techniques like using distributed attack sources. On the other hand, software that guards against them remains rooted in traditional centralized techniques, presenting an easily-targetable single point of failure. Scalable, distributed network intrusion prevention software is sorely needed. We propose Indra - a distributed scheme that depends on sharing information between trusted peers in a network to guard the network as a whole against intrusion attempts. We futher describe a plugin mechanism that enables an administrator to simultaneously plug weaknesses in thousands of machines with a single E-Mail.
Zhang, Qi and Janakiraman, Ramaprabhu, "Indra: A Distributed Approach to Network Intrusion Detection and Prevention" Report Number: WUCS-01-30 (2001). All Computer Science and Engineering Research.