Abstract

In this paper, distributed intrusion detection systems (IDSs)in the literature are reviewed. There are two types of IDS, depending on the interoperability. Stand-alone systems decide on their own. Distributed systems are composed of multiple components processing different data and work together to make a global decision. Distributed IDSs present some difficulties compared to stand-alone systems. For example, problems such as the structure of message communication, establishment of a trust mechanism, joint decision making are the issues discussed in the studies related to such systems. A detailed literature review has been made for the distributed IDSs which are the focus of our study. The studies considered to be within the scope of our study were investigated and presented comparatively. Although the initial studies on interoperable systems began in the 1990s, the issue is still open to improvement, as there is no widespread system that has become product. On the other hand, due to the development of artificial intelligence systems, innovative studies are being conducted on cyber threat detection. Therefore, the subject is thought to be open to improvement and in the last part of the study, suggestions are given for those who want to work on the subject.

References

[1] F. Cuppens and R. Ortalo, “LAMBDA: A Language to Model a Database for Detection of Attacks,” Springer, Berlin, Heidelberg, 2000, pp. 197-216.
[2] F. Cuppens and A. Miege, “Alert correlation in a cooperative intrusion detection framework,” in Proceedings 2002 IEEE Symposium on Security and Privacy, pp. 202-215.
[3] S. T. Eckmann, G. Vigna, and R. A. Kemmerer, “STATL: An attack language for state-based intrusion detection,” J. Comput. Secur., vol. 10, no. 1-2, pp. 71-103, Jan. 2002.
[4] H. Debar, D. Curry, and B. Feinstein, “The Intrusion Detection Message Exchange Format (IDMEF),” RFC, Mar-2007.
[5] R. Danyliw, J. Meijer, and Y. Demchenko, “RFC5070 - The Incident Object Description Exchange Format,” IETF, 2007.
[6] C. Michel and L. Mé, “ADeLe: An Attack Description Language for Knowledge-Based Intrusion Detection,” Springer, Boston, MA, 2001, pp. 353-368.
[7] P. Kampanakis, “Security Automation and Threat Information-Sharing Options,” IEEE Secur. Priv., vol. 12, no. 5, pp. 42-51, Sep. 2014.
[8] P. Kácha, “IDEA : Designing the Data Model for Security Event Exchange CESNET-CERTS Computer Security Incident Response Team,” Wseas.Us, pp. 209-214, 2013.
[9] M. E. Locasto, J. J. Parekh, S. Stolfo, A. D. Keromytis, T. G. Malkin, and V. Misra, “Collaborative Distributed Intrusion Detection,” Columbia University Computer Science Technical Reports, CUCS-012-04, 2004.
[10] C. V. Zhou, C. Leckie, and S. Karunasekera, “A survey of coordinated attacks and collaborative intrusion detection,” Comput. Secur., vol. 29, no. 1, pp. 124-140, 2010.
[11] C. J. Fung, “Collaborative Intrusion Detection Networks and Insider Attacks,” J. Wirel. Mob. Networks, Ubiquitous Comput. Dependable Appl., vol. 2, no. 1, pp. 63-74, 2011.
[12] A. Abraham and J. Thomas, “Distributed Intrusion Detection Systems - A Computational Intelligence Approach,” in Applications of Information Systems to Homeland Security and Defense, IGI Global, 2006, pp. 107-137.
[13] C. Fung and R. Boutaba, Intrusion Detection Networks A Key to Collaborative Security. Londra: CRC Press, 2014.
[14] S. R. Snapp et al., “A system for distributed intrusion detection,” in Digest of Papers - IEEE Computer Society International Conference, 1991, pp. 170-176.
[15] S. R. Snapp et al., “DIDS (Distributed Intrusion Detection System) − − Motivation, Architecture, and An Early Prototype,” in In Proceedings of the 14th National Computer Security Conference, 1991, pp. 167--176.
[16] M. Y. Huang, R. J. Jasper, and T. M. Wicks, “Large scale distributed intrusion detection framework based on attack strategy analysis,” Comput. Networks, vol. 31, no. 23, pp. 2465-2475, 1999.
[17] D. Frincke and E. Wilhite, “Distributed Network Defense,” Inf. Syst. Secur., pp. 5-6, 2001.
[18] Y. S. Wu, B. Foo, Y. Mei, and S. Bagchi, “Collaborative intrusion detection system (CIDS): A framework for accurate and efficient IDS,” Proc. - Annu. Comput. Secur. Appl. Conf. ACSAC, vol. 2003-Janua, no. Acsac, pp. 234-244, 2003.
[19] Y. Wang, H. Yang, X. Wang, and R. Zhang, “Distributed intrusion detection system based on data fusion method,” Fifth World Congr. Intell. Control Autom. (IEEE Cat. No.04EX788), no. 2, pp. 4331-4334, 2004.
[20] V. Yegneswaran, P. Barford, and S. Jha, “Global Intrusion Detection in the DOMINO Overlay System.,” Netw. Distrib. Syst. Secur. Symp., 2004.
[21] J. Yu, Y. V. R. Reddy, S. Selliah, S. Reddy, V. Bharadwaj, and S. Kankanahalli, “TRINETR: An architecture for collaborative intrusion detection and knowledge-based alert evaluation,” Adv. Eng. Informatics, vol. 19, no. 2, pp. 93-101, 2005.
[22] Y.-F. Zhang, Z.-Y. Xiong, and X.-Q. Wang, “Distributed intrusion detection based on clustering,” 2005 Int. Conf. Mach. Learn. Cybern., vol. 4, no. August, pp. 18-21, 2005.
[23] C. V. Zhou, S. Karunasekera, and C. Leckie, “A Peer-to-Peer Collaborative Intrusion Detection System,” in 2005 13th IEEE International Conference on Networks Jointly held with the 2005 IEEE 7th Malaysia International Conf on Communic, 2005, vol. 1, pp. 118-123.
[24] Q. Zhu, C. Fung, R. Boutaba, and T. Başar, “A game-theoretical approach to incentive design in collaborative intrusion detection networks,” Proc. 2009 Int. Conf. Game Theory Networks, GameNets ’09, pp. 384-392, 2009.
[25] A. V. Dastjerdi, K. A. Bakar, and S. G. Hassan Tabatabaei, “Distributed intrusion detection in clouds using mobile agents,” 3rd Int. Conf. Adv. Eng. Comput. Appl. Sci. ADVCOMP 2009, pp. 175-180, 2009.
[26] C. J. Fung and R. Boutaba, “Design and Management of Collaborative Intrusion Detection Networks,” 2013 Ifip/Ieee Int. Symp. Integr. Netw. Manag., pp. 955-961, 2013.
[27] W. Hu, J. Gao, Y. Wang, O. Wu, and S. Maybank, “Online adaboost-based parameterized methods for dynamic distributed network intrusion detection,” IEEE Trans. Cybern., vol. 44, no. 1, pp. 66-82, 2014.
[28] M. Ozalp, C. Karakuzu, and A. Zengin, “Designing of Security Hardware for Wireless Network,” in 2018 3rd International Conference on Computer Science and Engineering (UBMK), 2018, pp. 244-247.