
Annals of Telecommunications, Volume 74, Issue 3–4, pp 167–173

A cooperative approach with improved performance for a global intrusion detection systems for internet service providers

  • Renato S. Silva
  • Luís F. M. de Moraes

Abstract

Typical perimeter-based intrusion detection systems do not provide the user with the necessary preventive protection measures. In addition, many of the available solutions still need to improve their true-positive detection rates and reduce the proportion of false-positive alarms. Therefore, internet service providers that rely on this type of device to defend their assets and subscribers against malicious traffic may be led by these devices to make incorrect decisions. In this paper, we propose a global intrusion detection system, based upon the BGP protocol, which establishes a cooperative federation whose members are distributed autonomous intrusion detection elements. These elements are able to propagate alarms about potentially threatening flows traversing their respective autonomous systems. We present the architecture for the described approach and an analytical model based upon Dempster-Shafer's combination rule, in order to evaluate specific performance metrics. The results show significant improvements over the assessed metrics, highlighting the advantage of using the proposed solution as a frontline to prevent cyberattacks.
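The abstract mentions an analytical model built on Dempster-Shafer's combination rule for fusing the alarms of federation members. The following is an added worked example, not code or figures from the paper: it implements Dempster's rule over the frame {attack, benign} and fuses the (constructed, hypothetical) mass functions of two autonomous-system IDS elements, showing how agreement between independent detectors raises belief in the "attack" hypothesis while disagreement is absorbed as normalised conflict.

```python
from itertools import product
from typing import Dict, FrozenSet, List

Hypothesis = FrozenSet[str]
MassFunction = Dict[Hypothesis, float]

# Frame of discernment: a flow is either malicious or benign.
ATTACK = frozenset({"attack"})
BENIGN = frozenset({"benign"})
THETA = ATTACK | BENIGN          # "don't know": mass left on the whole frame


def combine(m1: MassFunction, m2: MassFunction) -> MassFunction:
    """Dempster's rule of combination for two mass functions on the same frame.

    m12(A) = sum_{B & C == A} m1(B) m2(C) / (1 - K), with K the mass that the two
    sources put on contradictory hypotheses.  Raises ValueError when K == 1
    (total conflict), since the rule is undefined there.
    """
    fused: MassFunction = {}
    conflict = 0.0
    for (b, mb), (c, mc) in product(m1.items(), m2.items()):
        a = b & c
        if not a:                        # B and C contradict each other
            conflict += mb * mc
        else:
            fused[a] = fused.get(a, 0.0) + mb * mc
    if conflict >= 1.0 - 1e-12:
        raise ValueError("total conflict between sources; cannot combine")
    return {a: v / (1.0 - conflict) for a, v in fused.items()}


def belief(m: MassFunction, h: Hypothesis) -> float:
    """Bel(h): total mass on subsets of h (evidence that definitely supports h)."""
    return sum(v for a, v in m.items() if a <= h)


def plausibility(m: MassFunction, h: Hypothesis) -> float:
    """Pl(h): total mass not contradicting h (upper bound on support for h)."""
    return sum(v for a, v in m.items() if a & h)


def fuse_federation(reports: List[MassFunction]) -> MassFunction:
    """Fold Dempster's rule over the alarms of every federation member."""
    result = reports[0]
    for report in reports[1:]:
        result = combine(result, report)
    return result


# Constructed, hypothetical alarm masses from two autonomous-system IDS elements.
AS1_REPORT: MassFunction = {ATTACK: 0.6, BENIGN: 0.1, THETA: 0.3}
AS2_REPORT: MassFunction = {ATTACK: 0.5, BENIGN: 0.2, THETA: 0.3}
```

Fusing the two constructed reports gives m(attack) = 0.63/0.83 ≈ 0.76, higher than either element alone, while a vacuous report (all mass on THETA) leaves the result unchanged.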

Keywords

Cyberattacks, Federation, BGP, Intrusion detection systems, Dempster-Shafer, Fusion, Flow-spec

Notes

Acknowledgements

The authors are profoundly grateful to Evandro L. Macedo for his assistance in helpful discussions, comments and suggestions to write this paper.

Funding information

The authors thank FAPERJ—the official funding agency for supporting science & technology research in the State of Rio de Janeiro (Brazil) and Rede-Rio (the state academic backbone network)—for the support given in the course of this work.


Copyright information

© Institut Mines-Télécom and Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. Ravel Laboratory – PESC / Coppe-UFRJ, Rio de Janeiro, Brazil
