REFACING: An autonomic approach to network security based on multidimensional trustworthiness

Several research efforts have recently focused on achieving distributed anomaly detection in an effective way. As a result, new information fusion algorithms and models have been defined and applied in order to correlate information from multiple intrusion detection sensors distributed inside the network. In this field, an approach which is gaining momentum in the international research community relies on the exploitation of the Dempster– Shafer (D–S) theory. Dempster and Shafer have conceived a mathematical theory of evidence based on belief functions and plausible reasoning, which is used to combine separate pieces of information (evidence) to compute the probability of an event. However, the adoption of the D–S theory to improve distributed anomaly detection efficiency generally involves facing some important issues. The most important challenge definitely consists in sorting the uncertainties in the problem into a priori independent items of evidence. We believe that this can be effectively carried out by looking at some of the principles of autonomic computing in a self-adaptive fashion, i.e. by introducing support for self-management, self-configuration and self-optimization functionality. In this paper, we intend to tackle some of the above mentioned issues by proposing the application of the D–S theory to network information fusion. This will be done by proposing a model for a self-management supervising layer exploiting the innovative concept of multidimensional reputation, which we have called REFACING (RElationship–FAmiliarity–Confidence–INteGrity). 2008 Elsevier B.V. All rights reserved.