Abstract
Typical perimeter-based intrusion detection systems do not give the operator the preventive protection measures that are needed. In addition, many of the available solutions still need to improve their true-positive detection rates and reduce the proportion of false-positive alarms. Internet service providers that rely on such devices to defend their assets and subscribers against malicious traffic may therefore be led by them into incorrect decisions. In this paper, we propose a global intrusion detection system, built on BGP, that establishes a cooperative federation whose members are distributed autonomous intrusion detection elements. These elements propagate alarms about potentially threatening flows traversing their respective autonomous systems. We present the architecture of the proposed approach and an analytical model based on Dempster-Shafer's combination rule, used to evaluate specific performance metrics. The results show significant improvements in the assessed metrics, highlighting the advantage of using the proposed solution as a front line for preventing cyberattacks.
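The abstract rests on two ideas: alarms from autonomous elements in different ASes are fused, and the fusion uses Dempster-Shafer's combination rule. The following is an added example, not code from the paper, showing how such a federation could combine per-AS verdicts about one flow into a belief and plausibility that the flow is malicious, with the conflict mass exposed so an operator can see when members disagree. The frame of discernment (malicious vs. benign), the discounting of each verdict by the element's reliability, the decision threshold, the `federation_verdict` helper and the AS numbers in the scenario are all assumptions made for illustration.

```python
"""Added example (not from the paper): Dempster-Shafer fusion of alarms from
several autonomous IDS elements, each guarding its own AS, for one flow.
Reliabilities, AS numbers and the decision threshold are constructed."""
from itertools import product

MALICIOUS = frozenset({"malicious"})
BENIGN = frozenset({"benign"})
THETA = MALICIOUS | BENIGN   # whole frame of discernment: "no opinion"


def alarm_mass(reliability, raised):
    """Turn one element's verdict into a simple support function discounted by the
    element's reliability (assumed here to be its estimated true-positive rate).
    Residual mass goes to THETA (ignorance), never to the opposite hypothesis, so a
    weak detector cannot manufacture evidence for the other side."""
    if not 0.0 <= reliability <= 1.0:
        raise ValueError("reliability must be in [0, 1]")
    focal = MALICIOUS if raised else BENIGN
    return {focal: reliability, THETA: 1.0 - reliability}


def combine(m1, m2):
    """Dempster's rule: m(A) = sum over B∩C=A of m1(B)*m2(C) / (1 - K),
    where K is the mass assigned to empty intersections (conflict)."""
    joint = {}
    conflict = 0.0
    for (b, mb), (c, mc) in product(m1.items(), m2.items()):
        a = b & c
        if a:
            joint[a] = joint.get(a, 0.0) + mb * mc
        else:
            conflict += mb * mc
    if conflict > 1.0 - 1e-12:
        # Fully contradictory sources: normalisation would divide by zero.
        raise ValueError("total conflict between sources; Dempster's rule is undefined")
    return {a: v / (1.0 - conflict) for a, v in joint.items()}, conflict


def belief(m, hyp):
    """Bel(hyp): mass of every focal set wholly inside hyp."""
    return sum(v for a, v in m.items() if a <= hyp)


def plausibility(m, hyp):
    """Pl(hyp): mass of every focal set that intersects hyp."""
    return sum(v for a, v in m.items() if a & hyp)


def federation_verdict(reports, threshold=0.8):
    """reports: list of (as_number, reliability, alarm_raised) for the same flow.
    Returns (decision, Bel(malicious), Pl(malicious), worst pairwise conflict).
    Blocks only when belief, not merely plausibility, clears the threshold."""
    if not reports:
        raise ValueError("no reports")
    combined = None
    worst_conflict = 0.0
    for _asn, reliability, raised in reports:
        m = alarm_mass(reliability, raised)
        if combined is None:
            combined = m
        else:
            combined, k = combine(combined, m)
            worst_conflict = max(worst_conflict, k)
    bel = belief(combined, MALICIOUS)
    pl = plausibility(combined, MALICIOUS)
    decision = "block" if bel >= threshold else "monitor"
    return decision, bel, pl, worst_conflict


if __name__ == "__main__":
    # Constructed scenario: two ASes alarm on the flow, a third, less reliable one does not.
    reports = [(64500, 0.70, True), (64501, 0.80, True), (64502, 0.60, False)]
    print(federation_verdict(reports))
```

Two properties of the rule matter operationally. A single element with reliability 0.70 never reaches a 0.8 belief on its own, so one noisy member cannot trigger a federation-wide block; two concurring members do, even when a third disagrees, but the conflict value (0.564 in the scenario above) is returned so a high-conflict decision can be flagged rather than acted on blindly. Two members reporting with reliability 1.0 in opposite directions make the rule undefined, which the code reports instead of silently normalising away.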
Acknowledgements
The authors are profoundly grateful to Evandro L. Macedo for his help, through discussions, comments and suggestions, in writing this paper.
Funding
The authors thank FAPERJ—the official funding agency for supporting science & technology research in the State of Rio de Janeiro (Brazil) and Rede-Rio (the state academic backbone network)—for the support given in the course of this work.
Silva, R.S., de Moraes, L.F.M. A cooperative approach with improved performance for a global intrusion detection systems for internet service providers. Ann. Telecommun. 74, 167–173 (2019). https://doi.org/10.1007/s12243-018-0672-1