Skip to Main Content
Distributed intrusion detection system (DIDS) is one of important devices for information security. In this field, how to improve detection rate is one of key issues. In this paper, the importance of event sequence in time is presented. Then, we discuss three factors, i.e. timestamp precision, time synchronization and network delay, which effect detection rate on the view of event sequence in time. On the three aspects, timestamp precision is the key to keep internal event sequence, time synchronization is the base of correcting event sequence among computers, and that network delay makes time-series analysis not true. Accordingly, we address some methods, i.e. raising timestamp precision, active self- adapting time synchronization algorithm and state turnabout mechanism. Experiments indicate that anyone of three measures can elevate detection performance to a certain extent. If they all are adopted, better detection results are revealed.
Date of Conference: 18-21 Sept. 2007