Peer-to-peer architecture for collaborative intrusion and malware detection on a large scale

The complexity of modern network architectures and the epidemic diffusion of malware require collaborative approaches for defense. We present a novel distributed system where each component collaborates to the intrusion and malware detection and to the dissemination of the local analyses. The proposed architecture is based on a decentralized, peer-to-peer and sensor-agnostic design that addresses dependability and load unbalance issues affecting existing systems based on centralized and hierarchical schemes. Load balancing properties, ability to tolerate churn, self-organization capabilities and scalability are demonstrated through a prototype integrating different open source defensive software.