CK-RAID: Collaborative Knowledge Repository for Intrusion Detection System

Abstract

Intrusion Detection Systems (IDSs) are an integral part of an organization's infrastructure. Without an IDS facility in place to monitor network and host activities, attempted and successful intrusion attempts may go unnoticed. This study proposed a Collaborative Knowledge Repository Architecture for Intrusion Detection (CK-RAID). It is based on a distributed network of computer nodes, each with their individual IDS with a centralized knowledge repository system, and firewall acting as a defence. When an unfamiliar attack hits any node, the first step the intrusion monitor takes is to request from Knowledge Repository Server the most effective intrusion response. To improve performance, Intrusion Update module collaborates with IDSs sensor and log by updating their expert rule and intrusion information respectively and removing the old intrusion signature from the knowledge base with the aid of Intrusion Detector Pruning. To ensure security of information exchange, RSA encryption and Digital Signature were used to encode information during transit. The result showed that CK-RAID had a detection rate of 97.2%, compared with Medoid Clustering, Y-means, FCM and K-means that have an accuracy of 96.38%, 87.15%, 82.13% and 77.25% respectively. Therefore, CK-RAID can be deployed for efficient detection of all categories of intrusion detection and response.