
Towards Designing Packet Filter with a Trust-Based Approach Using Bayesian Inference in Network Intrusion Detection

  • Conference paper
Security and Privacy in Communication Networks (SecureComm 2012)

Abstract

Network intrusion detection systems (NIDSs) have become an essential part of current network security infrastructure. However, in a large-scale network, the overhead network packets can greatly decrease the effectiveness of such detection systems by significantly increasing the processing burden of a NIDS. To mitigate this issue, we advocate that constructing a packet filter is a promising and complementary solution to reduce the workload of a NIDS, especially the burden of signature matching. We previously developed a blacklist-based packet filter to help a NIDS filter out network packets and achieved positive experimental results, but the calculation of IP confidence remained a big challenge in that work. In this paper, we further design a packet filter with a trust-based method that uses Bayesian inference to calculate the IP confidence, and we explore its performance with a real dataset and in a network environment. We also analyze the trust-based method by comparing it with our previous weight-based method. The experimental results show that, by using the trust-based calculation of IP confidence, our trust-based blacklist packet filter can achieve a better outcome.




Copyright information

© 2013 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Meng, Y., Kwok, LF., Li, W. (2013). Towards Designing Packet Filter with a Trust-Based Approach Using Bayesian Inference in Network Intrusion Detection. In: Keromytis, A.D., Di Pietro, R. (eds) Security and Privacy in Communication Networks. SecureComm 2012. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 106. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-36883-7_13

  • DOI: https://doi.org/10.1007/978-3-642-36883-7_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-36882-0

  • Online ISBN: 978-3-642-36883-7

  • eBook Packages: Computer Science, Computer Science (R0)
