Owing to the swift growth in cyber attacks, intrusion detection systems (IDSs) have become a necessity to help safeguard personal and organizational assets. However, with the increasing size of computer networks, it becomes difficult for a stand-alone IDS to identify sophisticated and advanced threats, such as DDoS attack, due to the lack of contextual information and knowledge regarding the deployed environments. To tackle this issue, distributed and collaborative IDSs (DIDSs and CIDSs) are developed, which enable a set of IDS nodes to operate in a collaborative way through exchanging required information. In this survey, we first summarize the state-of-the-art for traditional DIDSs according to the collaboration topology, e.g., centralized, decentralized, and distributed, and discuss major external and internal threats. Because of the distributed nature and various threats, trust is often enforced among various IDS nodes. We then summarize the relevant research on trust-based DIDSs/CIDSs in a chronological order. Also, we highlight challenges and future directions in this field. The main purpose of this survey is to stimulate more research efforts in developing robust and practical trust-based collaborative intrusion detection.

中文翻译：

---

调查基于信任的协作入侵检测：最先进的技术、挑战和未来方向


由于网络攻击的迅速增长，入侵检测系统 (IDS) 已成为帮助保护个人和组织资产的必需品。然而，随着计算机网络规模的不断扩大，由于缺乏有关部署环境的上下文信息和知识，独立的 IDS 很难识别复杂和高级的威胁，例如 DDoS 攻击。为了解决这个问题，开发了分布式协作IDS（DIDS和CIDS），它们使一组IDS节点能够通过交换所需信息以协作方式运行。在本次调查中，我们首先根据协作拓扑（例如集中式、分散式和分布式）总结了传统 DIDS 的最新技术，并讨论了主要的外部和内部威胁。由于分布式特性和各种威胁，通常在各个 IDS 节点之间强制执行信任。然后我们按时间顺序总结了基于信任的 DIDS/CIDS 的相关研究。此外，我们还强调了该领域的挑战和未来方向。这项调查的主要目的是激发更多的研究工作，开发强大且实用的基于信任的协作入侵检测。