1 ABSTRACT
Intrusion detection systems (IDS) serve to assess what types of risks computer networks are facing. Since a single IDS usually doesn't “see” but a small portion of a network, it is advisable to try to acquire a more holistic view by placing several (independent) sensors and to analyse all the data gathered.
One of the goals of the project was to look at the Internet in its entirety in order to better understand how attacks compare in different subnets or regions. This is already very useful when investigating worms and viruses and could eventually lead to an early warning system.
This article will discuss the actual realisation of a distributed sensor network as well as (some) analyses and statistics based upon the data gathered.
© Copyright by K.G. Saur Verlag 2004
