Distributed Intrusion Detection Systems (DIDS) are proven to be more powerful than
isolated ones. They represent a promising technology, providing ways to recognize
a great variety of network attacks. Applying them either increases the possibility
of successful detection, or makes it possible at all, still they are not yet widely
use. In this paper we outline some areas of network security where the advantages
of DIDS are spectacular, such as detecting distributed port scans, outgoing DDos attacks,
and worm infectionsSolutions are based on statistical anomaly detection. IDSes are
placed at several parts of the network, sharing their observations, thus reducing
the number of false judgements - which is one of the greatest problems of IDSes today.
We present a mathematical analysis predicting the effectiveness of our algorithm in
case of worm spreads. Later, a simulation will demonstrate how the system works.