A cooperative approach with improved performance for a global intrusion detection systems for internet service providers

Annals of Telecommunications

Abstract

Typical perimeter-based intrusion detection systems do not provide the user with the necessary preventive protection measures. In addition, many of the available solutions still need to improve their true-positive detection rates and reduce the proportion of false-positive alarms. Internet service providers that rely on this type of device to defend their assets and subscribers against malicious traffic may therefore be led by it to make incorrect decisions. In this paper, we propose a global intrusion detection system, based upon the BGP protocol, that establishes a cooperative federation whose members are distributed autonomous intrusion detection elements. These elements are able to propagate alarms about potentially threatening flows traversing their respective autonomous systems. We present the architecture for the described approach and an analytical model based upon Dempster-Shafer's combination rule, in order to evaluate specific performance metrics. The results show significant improvements over the assessed metrics, highlighting the advantage of using the proposed solution as a frontline to prevent cyberattacks.
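The abstract names Dempster-Shafer's combination rule as the basis of its analytical model for fusing alarms from federation members. The following added example (not the paper's code) shows how that rule combines the alarm evidence of several autonomous intrusion detection elements about one flow, including the "don't know" mass and the conflict term that plain probabilities cannot express; the three reports AS1, AS2 and AS3 are constructed values, not figures from the paper.

```python
from itertools import product

# Frame of discernment for a single flow: malicious or benign. Each IDS
# element may also place mass on the whole frame, meaning "no opinion".
FRAME = frozenset({"attack", "benign"})
ATTACK = frozenset({"attack"})
BENIGN = frozenset({"benign"})

def combine(m1, m2):
    """Dempster's rule for two basic probability assignments (bpa).
    m1, m2 map frozenset focal elements to mass in [0, 1] summing to 1.
    Returns (normalised combined bpa, conflict mass K)."""
    combined = {}
    conflict = 0.0
    for (a, ma), (b, mb) in product(m1.items(), m2.items()):
        inter = a & b
        if not inter:
            conflict += ma * mb          # the two sources contradict each other
        else:
            combined[inter] = combined.get(inter, 0.0) + ma * mb
    if conflict >= 1.0:
        raise ValueError("total conflict: sources cannot be combined")
    norm = 1.0 - conflict                 # redistribute the conflicting mass
    return {k: v / norm for k, v in combined.items()}, conflict

def fuse_alarms(bpas):
    """Fold the rule over any number of IDS elements' reports on one flow."""
    fused = bpas[0]
    for bpa in bpas[1:]:
        fused, _ = combine(fused, bpa)
    return fused

def belief(bpa, hypothesis):
    """Bel(H): mass committed to H or its subsets."""
    return sum(v for k, v in bpa.items() if k <= hypothesis)

def plausibility(bpa, hypothesis):
    """Pl(H): mass not contradicting H (Bel <= Pl)."""
    return sum(v for k, v in bpa.items() if k & hypothesis)

# Constructed reports from three autonomous systems seeing the same flow.
# AS1 and AS2 each weakly suspect an attack; AS3 has no opinion at all.
AS1 = {ATTACK: 0.6, BENIGN: 0.1, FRAME: 0.3}
AS2 = {ATTACK: 0.5, BENIGN: 0.2, FRAME: 0.3}
AS3 = {FRAME: 1.0}

if __name__ == "__main__":
    fused = fuse_alarms([AS1, AS2, AS3])
    print(f"Bel(attack)={belief(fused, ATTACK):.3f} "
          f"Pl(attack)={plausibility(fused, ATTACK):.3f}")
```

Two weak alarms (Bel 0.6 and 0.5) fuse to Bel(attack) of about 0.759 while the vacuous AS3 report leaves the result unchanged, which is why fused alarms can raise the true-positive rate without letting uninformed members dilute it.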


Acknowledgements

The authors are profoundly grateful to Evandro L. Macedo for his assistance in helpful discussions, comments and suggestions to write this paper.

Funding

The authors thank FAPERJ—the official funding agency for supporting science & technology research in the State of Rio de Janeiro (Brazil) and Rede-Rio (the state academic backbone network)—for the support given in the course of this work.

Corresponding author

Correspondence to Renato S. Silva.

Cite this article

Silva, R.S., de Moraes, L.F.M. A cooperative approach with improved performance for a global intrusion detection systems for internet service providers. Ann. Telecommun. 74, 167–173 (2019). https://doi.org/10.1007/s12243-018-0672-1
