Abstract
A hierarchical peer-to-peer (P2P) model and a data fusion method for a network security situation awareness system are proposed to improve the efficiency of a distributed security behavior monitoring network. The P2P model avoids a single point of failure among the data analysis nodes, and a greedy data forwarding method based on node priority and link delay is devised to improve the efficiency of those nodes. A data fusion method based on repulsive theory-Dempster/Shafer (PSORT-DS) is used to deal with the challenge of multi-source alarm information, and it lowers the false alarm rate. Compared with an improved Dempster/Shafer (DS) theoretical method based on particle swarm optimization (PSO) and with the classical DS evidence theoretical method, the proposed model reduces the false alarm rate by 3% and 7%, respectively, while the detection rate increases by 4% and 16%, respectively.
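As an added illustration (not code from the paper), the classical Dempster/Shafer combination rule that the abstract names as a baseline, applied to constructed alert beliefs from three hypothetical sensors. The sensor roles, mass values and function names are assumptions, and the block does not implement the paper's PSORT-DS method.

```python
from itertools import product

ATTACK = frozenset({"attack"})
NORMAL = frozenset({"normal"})
EITHER = ATTACK | NORMAL  # mass left on the whole frame = "don't know"

# Constructed basic probability assignments, one per hypothetical sensor.
SENSORS = [
    {ATTACK: 0.6, NORMAL: 0.1, EITHER: 0.3},  # network IDS
    {ATTACK: 0.7, NORMAL: 0.1, EITHER: 0.2},  # host log monitor
    {ATTACK: 0.2, NORMAL: 0.5, EITHER: 0.3},  # firewall, partly dissenting
]

def combine(m1, m2):
    """Dempster's rule for two mass functions; returns (fused, K)."""
    fused, conflict = {}, 0.0
    for (a, wa), (b, wb) in product(m1.items(), m2.items()):
        common = a & b
        if common:
            fused[common] = fused.get(common, 0.0) + wa * wb
        else:
            conflict += wa * wb  # the two sources contradict each other
    if conflict >= 1.0 - 1e-12:
        raise ValueError("total conflict: evidence cannot be combined")
    return {h: w / (1.0 - conflict) for h, w in fused.items()}, conflict

def fuse(masses):
    """Fold combine() over all sources, recording K at each step."""
    fused, conflicts = masses[0], []
    for m in masses[1:]:
        fused, k = combine(fused, m)
        conflicts.append(k)
    return fused, conflicts

if __name__ == "__main__":
    fused, conflicts = fuse(SENSORS)
    for hyp, mass in sorted(fused.items(), key=lambda kv: -kv[1]):
        print(sorted(hyp), round(mass, 4))
    print("conflict per step:", [round(k, 4) for k in conflicts])
```

The conflict coefficient K rises sharply at the second step because the third source dissents; the larger K is, the more mass the normalisation discards before the fused belief is reported.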
Additional information
Foundation item: Supported by the National Natural Science Foundation of China (61370212), the Research Fund for the Doctoral Program of Higher Education of China (20122304130002), the Natural Science Foundation of Heilongjiang Province (ZD 201102), and the Fundamental Research Fund for the Central Universities (HEUCFZ1213, HEUCF100601)
Biography: GUO Fangfang, male, Associate professor, Ph.D., research direction: network and information security, mobile peer-to-peer network and the Internet of things.
About this article
Cite this article
Guo, F., Hu, Y., Xiu, L. et al. A hierarchical P2P model and a data fusion method for network security situation awareness system. Wuhan Univ. J. Nat. Sci. 21, 126–132 (2016). https://doi.org/10.1007/s11859-016-1148-7
DOI: https://doi.org/10.1007/s11859-016-1148-7
Key words
- distributed security behavior monitoring
- peer-to-peer (P2P)
- data fusion
- DS evidence theory
- PSO algorithm