Community-Based Collaborative Intrusion Detection
نویسندگان
چکیده
The IT infrastructure of today needs to be ready to defend against massive cyber-attacks which often originate from distributed attackers such as Botnets. Most Intrusion Detection Systems (IDSs), nonetheless, are still working in isolation and cannot effectively detect distributed attacks. Collaborative IDSs (CIDSs) have been proposed as a collaborative defense against the ever more sophisticated distributed attacks. However, collaboration by exchanging suspicious alarms among all interconnected sensors in CIDSs does not scale with the size of the IT infrastructure; hence, detection performance and communication overhead, required for collaboration, must be traded off. We propose to partition the set of considered sensors into subsets, or communities, as a lever for this trade off. The novelty of our approach is the application of ensemble based learning, a machine learning paradigm suitable for distributed intrusion detection. In our approach, community members exchange data features used to train models of normality, not bare alarms, thereby further reducing the communication overhead of our approach. Our experiments show that we can achieve detection rates close to those based on global information exchange with smaller subsets of collaborating sensors.
منابع مشابه
SMURFEN: A Knowledge Sharing Intrusion Detection Network
The problem of Internet intrusions has become a world-wide security concern. To protect computer users from malicious attacks, Intrusion Detection Systems (IDSs) are designed to monitor network traffic and computer activities in order to alert users about suspicious intrusions. Collaboration among IDSs allows users to benefit from the collective knowledge and information from their collaborator...
متن کاملA Firegroup Mechanism to Provide Intrusion Detection and Prevention System Against DDos Attack in Collaborative Clustered Networks
Distributed Denial of Service (DDOS) attacks are the major concern for security in the collaborative networks. Although non DDOS attacks are also make the network performances poor, the effect of DDOS attacks is severe. In DDOS attacks, flooding of the particular node as victim and jam it with massive traffic happens and the complete network performance is affected. In this paper, a novel Intru...
متن کاملInvestigating the Influence of Special On-Off Attacks on Challenge-Based Collaborative Intrusion Detection Networks
Intrusions are becoming more complicated with the recent development of adversarial techniques. To boost the detection accuracy of a separate intrusion detector, the collaborative intrusion detection network (CIDN) has thus been developed by allowing intrusion detection system (IDS) nodes to exchange data with each other. Insider attacks are a great threat for such types of collaborative networ...
متن کاملA Collaborative Architecture for Distributed Intrusion Detection System based on Lightweight Modules
متن کامل
Application of a Collaborative Filtering Recommendation Algorithm Based on Cloud Model in Intrusion Detection
Intrusion detection is a computer network system that collects information on several key points. and it gets these information from the security audit, monitoring, attack recognition and response aspects, check if there are some the behavior and signs against the network security policy. The classification of data acquisition is a key part of intrusion detection. In this article, we use the da...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2015