A peer-to-peer architecture for detecting attacks from network traffic and log data

Conference Paper
Publication Date:
2017
abstract:
Intrusion detection systems (IDS) support the recognition of attacks, based on the analysis of data coming from either network data (Network-based IDS) or, alternatively, from logs stored in a host (Host-based IDS). Exploiting heterogeneous data coming from both kinds of sources could be useful to detect coordinated attacks and to reduce the number of false alarms, but poses challenges in terms of both information integration and scalability. In order to foster the development of such a hybrid IDS, we here propose a p2p intrusion detection architecture, which combines different data manipulation/mining techniques and a collaborative ensemble-based learning approach, and allows attacks to be classified incrementally by integrating information extracted from both network-traffic data and host logs. Preliminary experiments, conducted on a real-life dataset, show that the approach is promising.
Iris type:
04.01 Contribution in conference proceedings
Keywords:
Intrusion Detection Systems; Network Intrusion Detection Systems; Ensemble-based Intrusion Detection Systems
List of contributors:
Sabatino, Pietro; Folino, Gianluigi; Pontieri, Luigi; Folino, FRANCESCO PAOLO
Authors of the University:
FOLINO FRANCESCO PAOLO
FOLINO GIANLUIGI
PONTIERI LUIGI
Handle:
https://iris.cnr.it/handle/20.500.14243/332464