An Implementation Of Hierarchical Intrusion Detection Systems Using Snort And Federated Databases

Sarvjot Kaur Kang, Dale Lindskog, Hamman Samuel

2018 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom) / 12th IEEE International Conference on Big Data Science and Engineering (IEEE BigDataSE) (2018)

Abstract
This research presents a pragmatic implementation of a hierarchical distributed intrusion detection system. Several hierarchical distributed intrusion detection architectures have been proposed for use in various network topologies. However, to our knowledge, practical implementations of these solutions have not been explored. This study proposes to implement such an architecture using a combination of Snort and MySQL databases. Intrusion detection systems may act as defensive mechanisms, since they monitor network activities in order to detect malicious actions performed by intruders, and then initiate the appropriate countermeasures. This research work also shows that the root node is at the top of the IDS hierarchy and receives aggregated/consolidated intrusion detection information from the entire network by using federated databases. Intrusion detection occurs at the cluster head of each cluster, which gathers data from cluster members for faster detection. Ultimately, this is an initial step towards the evaluation of hierarchical intrusion detection approaches.
Keywords
Intrusion detection systems, Snort, MySQL, Federated storage engines