Progress over the summer
During the summer months one of our project partners (KTH) investigated collaborative intrusion detection (CID)
and distributed monitoring (DM) as
possible application areas for SMC. Roberto from KTH gave us a short overview and explanation.
Assume a set of distributed agents that keep logs over
locally chosen observable events. There agents interact via synchronized events
that can represent the delivery or the corresponding reception of a message.
When things go wrong in a system, the usual question is the one of: “What happened?” Distributed monitoring is the problem of computing the possible (global) executions that are compatible with the (local) logs recorded by the agents.
For very large distributed systems, however, the more
meaningful problem is not the one of computing a global solution, but the one
of computing local views of the solution, in a distributed fashion. In other
words the problem is, for each agent, to infer what happened locally, that is,
communicating with the other agents to compute all possible local executions that are:
(i) locally consistent with the logs, and
(ii) globally synchronizable.
This problem is known as modular
distributed monitoring and its solution can be used to debug large
distributed systems or to coordinate intrusion detection activities.
identify possible threats and attacks.