In this chapter, the authors present a novel peer-to-peer based intrusion detection system called Komondor, more specifically, its internals regarding the utilized peer-to-peer transport layer. The novelty of our intrusion detection system is that it is composed of independent software instances running on different hosts and is organized into a peer-to-peer network. The maintenance of this overlay network does not require any user interaction. The applied P2P overlay network model enables the nodes to communicate evenly over an unstable network. The base of our Komondor NIDS is a P2P network similar to Kademlia. To achieve high reliability and availability, we had to modify the Kademlia overlay network in such a way so that it would be resistent to network failures and support broadcast messages. The main purpose of this chapter is to present our modifications and enhancements on Kademlia.
