Abstract
Network intrusion detection systems (NIDSs) have become an essential part of current network security infrastructure. In a large-scale network, however, the sheer volume of network packets can greatly decrease the effectiveness of such detection systems by significantly increasing the processing burden on the NIDS. To mitigate this issue, we advocate constructing a packet filter as a promising and complementary way to reduce the workload of a NIDS, and in particular the cost of signature matching. We have developed a blacklist-based packet filter that helps a NIDS filter out network packets, and it achieved positive experimental results; however, the calculation of IP confidence remained a major challenge in that previous work. In this paper, we further design a packet filter with a trust-based method that uses Bayesian inference to calculate IP confidence, and we evaluate its performance on a real dataset and in a network environment. We also analyze the trust-based method by comparing it with our previous weight-based method. The experimental results show that, with the trust-based calculation of IP confidence, our trust-based blacklist packet filter achieves a better outcome.
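The abstract describes an IP confidence score computed by Bayesian inference and used to maintain a blacklist that diverts packets before they reach the NIDS's signature-matching stage. The following Python sketch is an added illustration of that idea, not the paper's own algorithm or code: it assumes a Beta-Bernoulli model in which each source IP's confidence is the posterior probability that its next packet is benign, updated from benign/malicious verdicts the NIDS reports back, and it assumes a fixed blacklist threshold and a minimum observation count before an IP can be blacklisted. The IP addresses, verdict history and packets are constructed sample data.

```python
"""Trust-based blacklist packet filter with a Bayesian IP confidence score.

Added example (not from the paper). Modelling assumption: each source IP has a
Beta(alpha, beta) posterior over the probability that a packet from it is
benign. Both counts start at a uniform prior (1, 1); a benign verdict from the
NIDS increments alpha, a malicious verdict increments beta. The IP confidence
is the posterior mean alpha / (alpha + beta). IPs whose confidence drops below
a threshold (after enough observations) are blacklisted, and their packets are
diverted away from the expensive signature-matching path.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class BetaTrust:
    alpha: float = 1.0  # prior count + observed benign verdicts
    beta: float = 1.0   # prior count + observed malicious verdicts

    def update(self, malicious: bool) -> None:
        # Bayesian update of the Beta posterior with one Bernoulli observation.
        if malicious:
            self.beta += 1.0
        else:
            self.alpha += 1.0

    def observations(self) -> float:
        # Number of real observations, excluding the (1, 1) prior.
        return (self.alpha - 1.0) + (self.beta - 1.0)

    def confidence(self) -> float:
        # Posterior mean: estimated probability that the next packet is benign.
        return self.alpha / (self.alpha + self.beta)


class TrustBlacklistFilter:
    """Diverts packets from low-confidence IPs before they reach the NIDS."""

    def __init__(self, threshold: float = 0.3, min_observations: int = 5) -> None:
        self.threshold = threshold              # assumed blacklist cut-off
        self.min_observations = min_observations  # avoid blacklisting on 1-2 verdicts
        self.trust: Dict[str, BetaTrust] = {}

    def observe(self, ip: str, malicious: bool) -> None:
        # Feedback from the NIDS: did a packet from `ip` trigger a signature?
        self.trust.setdefault(ip, BetaTrust()).update(malicious)

    def confidence(self, ip: str) -> float:
        # Unknown IPs get the prior mean (0.5) and are never blacklisted.
        return self.trust.get(ip, BetaTrust()).confidence()

    def is_blacklisted(self, ip: str) -> bool:
        t = self.trust.get(ip)
        if t is None:
            return False
        return t.observations() >= self.min_observations and t.confidence() < self.threshold

    def filter_packets(self, packets: List[dict]) -> Tuple[List[dict], List[dict]]:
        # Returns (packets forwarded to the NIDS, packets diverted by the blacklist).
        to_nids: List[dict] = []
        diverted: List[dict] = []
        for pkt in packets:
            (diverted if self.is_blacklisted(pkt["src"]) else to_nids).append(pkt)
        return to_nids, diverted


# Constructed verdict history: one noisy IP, one clean IP (both RFC 5737 test ranges).
CONSTRUCTED_VERDICTS = (
    [("203.0.113.7", True)] * 8 + [("203.0.113.7", False)] * 2
    + [("198.51.100.4", False)] * 10
)

# Constructed packets arriving after the history above has been learned.
CONSTRUCTED_PACKETS = [
    {"src": "203.0.113.7", "payload": "GET /index.html"},
    {"src": "198.51.100.4", "payload": "GET /login"},
    {"src": "192.0.2.9", "payload": "GET /"},  # never seen before
]


def build_filter() -> TrustBlacklistFilter:
    f = TrustBlacklistFilter(threshold=0.3, min_observations=5)
    for ip, malicious in CONSTRUCTED_VERDICTS:
        f.observe(ip, malicious)
    return f


def run_demo() -> dict:
    f = build_filter()
    to_nids, diverted = f.filter_packets(CONSTRUCTED_PACKETS)
    return {
        "confidence": {p["src"]: round(f.confidence(p["src"]), 4) for p in CONSTRUCTED_PACKETS},
        "to_nids": [p["src"] for p in to_nids],
        "diverted": [p["src"] for p in diverted],
    }


if __name__ == "__main__":
    print(run_demo())
```

With the constructed history, 203.0.113.7 ends with Beta(3, 9), a confidence of 0.25, and is blacklisted; 198.51.100.4 ends with Beta(11, 1) and is forwarded; the unseen 192.0.2.9 keeps the prior mean of 0.5 and is forwarded, so the filter cannot blacklist an address it has no evidence about. The minimum-observation guard is the kind of caveat a deployment needs: without it a single early alert would push a fresh IP to 1/3 and, with a higher threshold, straight onto the blacklist.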
© 2013 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
Cite this paper
Meng, Y., Kwok, LF., Li, W. (2013). Towards Designing Packet Filter with a Trust-Based Approach Using Bayesian Inference in Network Intrusion Detection. In: Keromytis, A.D., Di Pietro, R. (eds) Security and Privacy in Communication Networks. SecureComm 2012. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 106. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-36883-7_13
DOI: https://doi.org/10.1007/978-3-642-36883-7_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-36882-0
Online ISBN: 978-3-642-36883-7