IRIA is investigating ways in which information from multiple, distributed intrusion detection systems (IDSs) can be used to detect attacks that would be invisible to any single system or whose significance would be missed if information from only a single system were available. For example, a distributed intrusion detection system could detect an impending distributed denial-of-service (DDOS) attack during the setup phase, when the attacker is collecting zombie machines to use against the ultimate target.
The system has demonstrated effective performance, both in terms of its ability to detect distributed attacks and its computational efficiency while doing so. Efforts to identify a commercialization partner are continuing as part of the normal ISTS technology transfer process.
