Date Added: Jun 2010
Collaborative intrusion detection networks are often used to gain better detection accuracy and cost efficiency as compared to a single host-based Intrusion Detection System (IDS). Through cooperation, it is possible for a local IDS to detect new attacks that may be known to other experienced acquaintances. In this paper, the authors present a sequential hypothesis testing method for feedback aggregation for each individual IDS in the network. Their simulation results corroborate their theoretical results and demonstrate the properties of cost efficiency and accuracy compared to other heuristic methods. The analytical result on the lower-bound of the average number of acquaintances for consultation is essential for the design and configuration of IDSs in a collaborative environment.