
Design and implementation of a distributed network-based intrusion detection system

Eng. José Ignacio Sánchez Martín.
Prof. Dr. Javier Areitio Bertolín – Professor of the Faculty of Engineering, ESIDE. Director of the Networks and Systems Research Group, University of Deusto.

This article describes the development of a Network-based Distributed Intrusion Detection System (DNIDS) called the Asgard System. Asgard monitors and analyzes all the traffic circulating within the TCP/IP network in which it is installed, looking for patterns (signatures) that could indicate a computer attack against any of the machines on that network, or against the network itself. Its distributed nature gives the system the scalability and adaptability it needs to adjust to the performance requirements of any network. The system is highly customizable: rules for detecting new attacks can be added easily, and customized reactions to detected attacks can be implemented. The low cost of the system, derived from its distributed architecture and its free nature (GPL license), together with its high capacity for tailored configuration, makes Asgard a valuable alternative to existing commercial NIDS.