LarSID is a scalable middleware for large scale intrusion detection, based on a distributed hash table (DHT) architecture. LarSID provides a platform for sharing suspicious evidence between participating intrusion detection systems in order to detect large scale attacks at an early stage. Each participant periodically subscribes the suspicious evidence collected from its own subnetwork to the large scale intrusion detection service via a publish/subscribe mechanism, and is then notified if that evidence has been confirmed as a potential attack. All suspicious evidence is exchanged anonymously.
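To make the publish/subscribe exchange above concrete, here is a small added C++ model of the pattern. It is not LarSID's own code and does not use OpenDHT or ReDiR: an in-memory map stands in for the DHT, the DHT key is assumed to be a hash of the observation (so peers match on the key rather than on raw subnet details), reports are identified only by opaque anonymous tokens, and "confirmed as a potential attack" is assumed to mean that a configurable number of distinct reports agree. The participant names, tokens and the scanned-host observation are constructed sample values.

```cpp
#include <cstddef>
#include <functional>
#include <iostream>
#include <map>
#include <set>
#include <string>
#include <vector>

// Opaque key under which evidence is stored in the (here in-memory) DHT.
// Hashing the observation means peers match on the key, not on raw details.
using EvidenceKey = std::size_t;

EvidenceKey evidenceKey(const std::string& observation) {
    return std::hash<std::string>{}(observation);
}

// Callback a subscriber registers: receives the key and how many distinct
// anonymous reports corroborate it.
using Notify = std::function<void(EvidenceKey, std::size_t)>;

struct EvidenceEntry {
    std::set<std::string> reporters;   // anonymous report tokens, deduplicated
    std::vector<Notify> subscribers;   // participants waiting on this key
    bool confirmed = false;            // set once the threshold is reached
};

// Toy stand-in for the DHT-backed service (assumption, not LarSID's API):
// evidence is published under a key, and subscribers are told once enough
// independent reports agree.
class EvidenceService {
public:
    explicit EvidenceService(std::size_t threshold) : threshold_(threshold) {}

    void subscribe(EvidenceKey key, Notify cb) {
        EvidenceEntry& e = table_[key];
        if (e.confirmed) {
            cb(key, e.reporters.size());   // late subscriber: already confirmed
        }
        e.subscribers.push_back(std::move(cb));
    }

    // Returns the number of distinct reports held for the key after this publish.
    std::size_t publish(EvidenceKey key, const std::string& anonToken) {
        EvidenceEntry& e = table_[key];
        e.reporters.insert(anonToken);     // a repeated token does not add weight
        if (!e.confirmed && e.reporters.size() >= threshold_) {
            e.confirmed = true;
            for (const Notify& cb : e.subscribers) {
                cb(key, e.reporters.size());
            }
        }
        return e.reporters.size();
    }

private:
    std::size_t threshold_;
    std::map<EvidenceKey, EvidenceEntry> table_;
};

// Constructed scenario: three participants, corroboration threshold of 2.
// Returns the notifications delivered, as "participant:reportCount".
std::vector<std::string> simulate() {
    EvidenceService service(/*threshold=*/2);
    std::vector<std::string> notified;

    // Each site derives the same key from the same observation (constructed).
    const EvidenceKey key = evidenceKey("tcp-syn-sweep src=198.51.100.23 dport=22");

    auto subscriber = [&notified](const std::string& name) {
        return [&notified, name](EvidenceKey, std::size_t n) {
            notified.push_back(name + ":" + std::to_string(n));
        };
    };

    service.subscribe(key, subscriber("siteA"));
    service.subscribe(key, subscriber("siteB"));

    service.publish(key, "anon-7f3a");   // one report: below threshold, no notice
    service.publish(key, "anon-7f3a");   // duplicate token: still one distinct report
    service.publish(key, "anon-c019");   // second distinct report: threshold reached

    service.subscribe(key, subscriber("siteC"));   // late subscriber is told at once
    return notified;
}

int main() {
    for (const std::string& line : simulate()) {
        std::cout << line << '\n';
    }
    return 0;
}
```

The duplicate publish and the late subscription are the two edge cases worth checking in any real deployment of this pattern: a single participant re-sending the same evidence must not count as independent corroboration, and a participant that subscribes after confirmation should still learn the outcome rather than waiting for the next report.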
Requirements
LarSID is implemented as a lightweight middleware on top of OpenDHT, a public DHT service. We use the OpenDHT ReDiR library to implement the DHT data routing mechanism of the LarSID middleware.
The SFS library and OPeN library must be installed before building and running the LarSID middleware. LarSID works with the versions of Unix and Linux on which the SFS and OPeN libraries are supported.
Downloads
All our source code, binaries and documentations are released under the Australian Public Licence B (OZPLB) which was created by applying minimal changes to the UIUC/NCSA licence to make it compatible with the Australian Trade Practices Act, 1974.
Please note: the current release is for demonstration only and should not be used in a production environment.
Source Code
Here is a C++ implementation of the LarSID middleware.
This software and its official website are designed and maintained by Chenfeng Vincent Zhou.
Bugs can be reported directly to our bug tracker.
Alternatively, you can email me at cvzhou at csse.unimelb.edu.au.
This page, its contents and style, are the responsibility of the author and do not necessarily represent the view, policies or opinions of The University of Melbourne.