Distributed detection system of security intrusions based on partially ordered events and patterns

Abstract

The proposed system architecture of intrusion detection12 uses a two-layer hybrid model for detecting intrusions. The system operates on the basis of partial network flows in real communication operation and provides processing of these data in real time. First layer consists of detection sensors which provide basic processing of input data on behalf of statistical methods with a direct connection to countermeasure modules. Performance and accuracy of the modeling system is ensured by using central distributed processing, in which the detection of generalized description of partial ordered events is used, preventing the intrusion itself. By doing so the attack variability issues of the same type are provided. © 2009 Springer-Verlag Berlin Heidelberg.