CIDS deployment model
CIDS framework has P2P architecture with no central coordinator,
where the network load is symmetrically distributed to all nodes.
In CIDS each node has its own analyzer and detector components that
are connected to the behavior and knowledge based databases. This
differs from distributed centralized IDSs, where a centralized
management system collects all the data.
The individual analysis reduces the complexity and the volume of
data exchanged among nodes, but at the same time it increases
the processing overhead inside a single node.
We will explain later, how our HSGAA approach can reduce this
overhead. Since CIDS has no single point of failure, the framework
represents a moderate solution for attack resistibility.
The cloud scheduler machine has some components (i.e., Report
Producer and NIDS Alert Parser and Summarizer) that do not represent
a single point of failure, because there are several copies of the
scheduler node in the cloud with a fault tolerance technique
provided by the middleware to backup the processing data.
Figures 2 and 3 show the
deployment of CIDS components installed in the scheduler node in both hybrid and
pure P2P models respectively.
Figure.2: CIDS in Hybrid P2P model
Figure.3: CIDS in Pure P2P
model
In the hybrid model, each node communicates to any other node outside its domain through its domain controller i.e., no direct connection between two nodes in different domain. Whereas, in the pure P2P model, each node communicates directly to other nodes without using the domain controller i.e., the domain controllers work like the other peers but with a scheduler to perform the scheduling tasks.