2 Enhancing Intrusion Detection Effectiveness Through an Enhanced Hierarchical Communication Architecture
Thu Nguyen Xuan¹*, Trang Ha Mai Huyen², Trung Tran³ and Ngoc Le Anh⁴
¹ VNU University of Engineering and Technology, Hanoi, Vietnam
² Vietnam National University, Hanoi, Vietnam
³ Electric Power University, Hanoi, Vietnam
⁴ Swinburne Việt Nam, FPT University, Hanoi, Vietnam
Abstract
An intrusion detection system (IDS) is an effective proactive measure for protecting the security and integrity of information by identifying attacks before they can cause damage to information systems. For large and mission-critical systems, the proposed solution involves building a collaborative IDS network to improve intrusion detection efficiency. When IDS A identifies suspicious behavior X, it sends an alert to the collaborating IDS, signaling the possibility of a large-scale attack and allowing proactive responses to be taken. However, challenges arise when attacks occur at multiple locations simultaneously, because simultaneous alert transmission from an IDS can increase network traffic, potentially overloading systems and causing bottleneck congestion. This study introduces an advanced hierarchical communication architecture that uses aggregation and clustering methods to preprocess and cluster alerts before they are transmitted to the network. In this model, IDSs selectively share information only with their respective “parent” nodes. At “parent” nodes, alerts originating from child nodes ...