Distributed hierarchical pattern-matching for network intrusion detection
Taiwan Academic Network Management Committee
School of Science
Network intrusion detection systems are widely used in present-day public and private networks to successfully detect cyber intrusions. In recent times, a plethora of readily available hacking tools has widened the attack surface available to adversaries for launching advanced malicious attacks. This entails the need to devise and deploy stronger security solutions, including countermeasures that prevent, detect, and deter such attacks. The need for an efficient and effective mechanism for detecting network intrusions in real time cannot be overstated. Distributed pattern matching through information sharing between intrusion detection agents is one such approach to identifying anomalous activity in a network. In this paper, a novel distributed pattern matching approach is proposed for detecting malicious network activities, in which detector agents first analyze network traffic and subsequently exchange information (subpatterns) with one another in order to holistically identify anomalous network activities. The detection effectiveness of the proposed approach is studied using simulations conducted over different pattern exchange hierarchies. Simulation results show that our approach yields high accuracies in intrusion detection with low false alarm rates.