Authors: Özalp Murat, Karakuzu Cihan, Zengin Ahmet
Abstract
In this paper, the distributed intrusion detection systems (IDSs) in the literature are reviewed. Depending on whether their components cooperate, IDSs fall into two types. Stand-alone systems make their decisions on their own. Distributed systems are composed of multiple components that process different data and work together to reach a global decision. Distributed IDSs raise difficulties that stand-alone systems do not: the structure of message communication, the establishment of a trust mechanism, and joint decision making are the issues discussed in the studies on such systems. A detailed literature review has been made of the distributed IDSs that are the focus of our study. The studies judged to fall within our scope were investigated and presented comparatively. Although the initial studies on interoperable systems began in the 1990s, the topic is still open to improvement, as no widespread system has yet become a "product". On the other hand, owing to the development of artificial intelligence systems, innovative studies are being conducted on cyber threat detection. The subject is therefore considered open to improvement, and in the last part of the study suggestions are given for those who want to work on it.