Multi-cloud cooperative intrusion detection system: trust and fairness assurance

Abstract

The sophistication of recent cloud computing systems has made them more vulnerable to intelligent cyber attacks. Moreover, it is becoming very difficult for a single intrusion detection system (IDS) to detect all existing attacks, due to limited knowledge about such attacks' patterns and implications. Recent works in cloud security have shown that cooperation among cloud-based IDSs can enhance their accuracy. However, there are two main challenges associated with the existing cooperative IDSs, which are related to trust and fairness assurance. To tackle these challenges, we propose in this paper a cooperative cloud-based IDS framework that (1) enables IDSs to distributively form trustworthy IDS communities by advancing a trust-based hedonic coalitional game, which allows IDSs to increase their individual detection accuracy in the presence of untrusted IDSs, and (2) formulates a fairness assurance mechanism as a Stackelberg game between the well-behaving IDSs and the selfish ones that frequently send consultation requests to other IDSs and at the same time do not answer other IDSs' consultation requests. Experimental results show the effectiveness of the proposed approach in terms of enhancing the accuracy of detection and achieving fairness among IDSs in terms of benefits obtained through cooperation.

Funding

The financial support of the Natural Sciences and Engineering Research Council of Canada is gratefully acknowledged.

Author information

Corresponding author

Correspondence to Adel Abusitta.

Cite this article

Abusitta, A., Bellaiche, M. & Dagenais, M. Multi-cloud cooperative intrusion detection system: trust and fairness assurance. Ann. Telecommun. 74, 637–653 (2019). https://doi.org/10.1007/s12243-019-00724-8

Keywords

  • Intrusion detection systems
  • Game theory
  • Fairness assurance
  • Cloud computing
  • Security
  • Trust