Indra: A Peer-to-Peer Approach to Network Intrusion Detection and Prevention

Abstract

While the spread of the Internet has made the network ubiquitous, it has also rendered networked systems vulnerable to malicious attacks orchestrated from anywhere. These attacks or intrusions typically start with attackers infiltrating a network through a vulnerable host and then launching further attacks on the local network or Intranet. Attackers rely on increasingly sophisticated techniques like using distributed attack sources and obfuscating their network addresses. On the other hand, software that guards against them remains rooted in traditional centralized techniques, presenting an easily-targeted single point of failure. Scalable, distributed network intrusion prevention techniques are sorely needed.

We propose Indra---a distributed scheme based on sharing information between trusted peers in a network to guard the network as a whole against intrusion attempts. We present initial ideas for running Indra over a peer-to-peer infrastructure to distribute up-to-date rumors, facts, and trust information in a scalable way.

Documents

• PDF (6 pages, 65 kBytes)
• Slides: OpenOffice original, PowerPoint export, HTML
• CiteSeer/ResearchIndex information on Indra
• Indra project page, including sources
• Another networking research project named Indra covers an INtegrated and Differentiated Resource Management Architecture and also provides some mythological background
• Wikipedia's definition of the Hindu deity Indra
• Related to the P2P project

BibTeX entry

@InProceedings{janakiraman03indra,
  Author =       {Ramaprabhu Janakiraman and Marcel Waldvogel and Qi Zhang},
  Title =        {Indra: A Peer-to-Peer Approach to Network Intrusion
                  Detection and Prevention},
  BookTitle =    {Proceedings of IEEE WETICE 2003},
  Location =     {Linz, Austria},
  Year =         2003,
  Month =        jun
}