In very many situations the collection of data from distributed hosts for its subsequent use to generate an intrusion detection profile may not be technically feasible (e.g., due to data size or network security transfer protocols). This situation is especially evident for data intensive intrusion profile generation (e.g., inducing profiles via data mining techniques). An alternative solution is to build a network profile by applying distributed data analysis methods (e.g., agent based computing). Such an approach is described in this paper. Global profiles are built using a Distributed Data Mining approach that integrates inductive generalization and Agent based computing. In this approach, classification rules are learned via tree induction from distributed data to be used as intrusion profiles. Agents, in a collaborative fashion, generate partial trees and communicate the temporary results among them in the form of indices to the data records. The process is terminated when a final tree is induced. This communication mechanism does not involve any data transfers, and in addition, a compression approach is used to reduce the communication bandwidth of data index transfers.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.