Skip to Main Content
Among the current information security prevention systems such as firewalls and intrusion detection systems, there exist several shortages such as alert overload, high false alarm rate, absence of effective alert management mechanism etc. As a result, there is a tremendous amount of alert data overload in the network, and this data could be redundant, irrelevant or meaningless. The result of this information flooding is the inability to correctly correlate the events to locate the security breach. In this paper, we aim to present the architecture of an integrated computer network defense system that is efficient, distributed and adaptable; in short, a good match for the dynamic environment of cloud computing. The use of peer-to-peer architecture is investigated for computer network defense. The architecture consists of an advanced intrusion detection system for identification of malicious traffic in such a manner that a centralized controller correlating the events is not overwhelmed by the deluge of alerts. We investigate the Content Addressable Network Distributed Hash Table for the event aggregation.