Information sharing for distributed intrusion detection systems

In this paper, we present an information sharing model for distributed intrusion detection systems. The typical challenges faced by distributed intrusion detection systems is what information to share and how to share information. We address these problems by using the Cumulative Sum algorithm to collect statistics at each local system, and use a machine learning approach to coordinate the information sharing among the distributed detection systems. Our major contributions are two-fold. First, we propose a simple but robust scheme to monitor changes in the local statistics. Second, we present a learning algorithm to decide when to share information so that both the communication overhead among the distributed detection systems and the detection delay are minimized. We demonstrate the application of our information sharing model to a specific distributed intrusion detection scenario. We show that our approach is able to optimize the trade-off between the time required to detect an attack, and the volume of communication between the distributed intrusion detection systems.