CHAPTER 4 KNOWLEDGE SHARING

In the previous chapter we looked at the distributed architecture for the IDS. This chapter presents a brief overview of the techniques for sharing the information gathered at the various IDSs. The design and implementation of this information sharing model are explained in detail in Chengalvarayan [6].

4.1 Design of Knowledge Sharing Mechanism

Every cell in the distributed system has a dedicated host called the Knowledge Store. This host logs all events reported by the detectors in its cell. Knowledge stores in different cells form cells among themselves and exchange information about the activity in their cells. Thus the events happening in one cell are propagated to all other cells in the system.

Through this sharing of information, the IDSs in different cells learn how to react to attacks. They do this by dynamically updating their rule base with the rules of the host that experienced the attack, so they know which agents to execute in response to a new attack. By propagating information on attacks to other parts of the network, it is possible to analyze network activity on a global scale. This scheme also prevents information about an attack from being lost.
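The propagation and rule-base update described in Section 4.1 can be modelled in a few lines. This is an added illustration, not code from the thesis or from Chengalvarayan [6]; the class and field names, the ring topology, the duplicate check, and the attack and agent names are all assumptions made for the example.

```python
from dataclasses import dataclass
from itertools import count

_next_id = count(1)

@dataclass(frozen=True)
class Event:
    event_id: int     # unique id so a store can drop copies it already holds
    origin_cell: str
    detector: str
    attack: str
    agents: tuple     # agents the reporting host executes for this attack

class KnowledgeStore:  # the dedicated logging host of one cell (constructed model)
    def __init__(self, cell):
        self.cell = cell
        self.peers = []    # knowledge stores of other cells
        self.log = []      # every event seen, local or remote
        self.rules = {}    # attack name -> set of agents to execute
        self._seen = set()

    def report(self, detector, attack, agents):  # called by a detector in this cell
        event = Event(next(_next_id), self.cell, detector, attack, tuple(agents))
        self.receive(event)
        return event

    def receive(self, event):
        if event.event_id in self._seen:
            return                      # duplicate: stops forwarding loops
        self._seen.add(event.event_id)
        self.log.append(event)          # a copy survives in every cell
        self.rules.setdefault(event.attack, set()).update(event.agents)
        for peer in self.peers:
            peer.receive(event)

    def agents_for(self, attack):
        return sorted(self.rules.get(attack, ()))

def build_ring(names):
    # Assumed topology: each store peers with its two ring neighbours.
    stores = [KnowledgeStore(n) for n in names]
    for i, store in enumerate(stores):
        store.peers = [stores[i - 1], stores[(i + 1) % len(stores)]]
    return stores

def demo():
    stores = build_ring(["cell-A", "cell-B", "cell-C", "cell-D"])
    stores[0].report("detector-1", "syn-flood", ["block_source", "notify_admin"])
    return stores
```

After `demo()`, every store holds exactly one copy of the event and answers `agents_for("syn-flood")` with the agents learned from cell-A, even though only cell-A observed the attack.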