Design and Simulation of a Tree-Based Intrusion Detection System against Denial of Service
Based on analysis of relative and absolute traffic anomalies a fully DIDS(Distributed Intrusion Detection System) is built to detect and respond flooding DoS(Denial of Service) in a specific network area, using traffic trees as data structure to store, execute, communicate and combine abnormal data. A single component settled in a network element is called Tree-Devices and all Tree-Devices construct a Tree-DIDS, a fully DIDS. Tree-Devices communicate with other devices in three ways and collaborate to detect attacks, by which communication cost is reduced. Fully architecture avoids the single point failure, while double anomalies help to warn earlier. The simulation results and performance analysis show that Tree-DIDS works effectively.
Y. Bai and Z. Y. Bai, "Design and Simulation of a Tree-Based Intrusion Detection System against Denial of Service", Applied Mechanics and Materials, Vols. 29-32, pp. 790-795, 2010