A balanced prior knowledge model based on Beta function for evaluating DIDS performance

A modeling update

Annals of Telecommunications

Abstract

A federation-based DIDS is a security platform composed of autonomous IDSs able to learn from their data and cooperate with each other to improve the overall detection performance. However, evaluating the detection performance of a DIDS is not trivial, especially considering its heterogeneous environment and the wide range of threats that emerge every single day. Although the Bayesian inference approach presents itself as a compatible option to model this kind of system, the lack of a sufficiently large and diverse dataset is a relevant issue for building blocks of prior knowledge. Our approach relies on the “learn-from-data” insight of the Beta function to propose a modeling framework that aims to assess the overall detection performance of a DIDS, regardless of dataset rounds. Compared with the numbers obtained from either testbeds or simulation, the proposed model presents a fair approximation.

Notes

  1. A so-called zero-day attack occurs when an attacker exploits a vulnerability before security teams can find a fix.

  2. The denominator of the Bayes inference used to model the detection performance metric Pr(I = 1) was assumed to equal 1.

Acknowledgements

The authors thank FAPERJ — the official funding agency for supporting science & technology research in the State of Rio de Janeiro (Brazil) and Rede-Rio (the state academic backbone network) — for the support given in the course of this work.

Author information

Corresponding author

Correspondence to Renato S. Silva.

Additional information

Publisher’s note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

About this article

Cite this article

Silva, R.S., de Moraes, L.F.M. A balanced prior knowledge model based on Beta function for evaluating DIDS performance. Ann. Telecommun. 77, 505–515 (2022). https://doi.org/10.1007/s12243-021-00894-4

  • DOI: https://doi.org/10.1007/s12243-021-00894-4
