Abstract
A federation-based DIDS is a security platform composed of autonomous IDSs that learn from their own data and cooperate with each other to improve overall detection performance. However, evaluating the detection performance of a DIDS is not trivial, especially considering its heterogeneous environment and the wide range of threats that emerge every day. Although Bayesian inference is a compatible option for modeling this kind of system, the lack of a sufficiently large and diverse dataset is a relevant issue when building blocks of prior knowledge. Our approach relies on the “learn-from-data” insight of the Beta function to propose a modeling framework that assesses the overall detection performance of DIDS, regardless of dataset rounds. Compared with the numbers obtained from either testbeds or simulation, the proposed model presents a fair approximation.
Notes
A so-called zero-day attack occurs when an attacker exploits a vulnerability before security teams can find a fix.
The denominator of the Bayes inference used to model the detection performance metric Pr(I = 1) was assumed to equal 1.
Acknowledgements
The authors thank FAPERJ — the official funding agency for supporting science & technology research in the State of Rio de Janeiro (Brazil) and Rede-Rio (the state academic backbone network) — for the support given in the course of this work.
Cite this article
Silva, R.S., de Moraes, L.F.M. A balanced prior knowledge model based on Beta function for evaluating DIDS performance. Ann. Telecommun. 77, 505–515 (2022). https://doi.org/10.1007/s12243-021-00894-4
DOI: https://doi.org/10.1007/s12243-021-00894-4