Advertisement

Community-Based Collaborative Intrusion Detection

  • Carlos Garcia CorderoEmail author
  • Emmanouil Vasilomanolakis
  • Max Mühlhäuser
  • Mathias Fischer
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 164)

Abstract

The IT infrastructure of today needs to be ready to defend against massive cyber-attacks which often originate from distributed attackers such as Botnets. Most Intrusion Detection Systems (IDSs), nonetheless, are still working in isolation and cannot effectively detect distributed attacks. Collaborative IDSs (CIDSs) have been proposed as a collaborative defense against the ever more sophisticated distributed attacks. However, collaboration by exchanging suspicious alarms among all interconnected sensors in CIDSs does not scale with the size of the IT infrastructure; hence, detection performance and communication overhead, required for collaboration, must be traded off. We propose to partition the set of considered sensors into subsets, or communities, as a lever for this trade off. The novelty of our approach is the application of ensemble based learning, a machine learning paradigm suitable for distributed intrusion detection. In our approach, community members exchange data features used to train models of normality, not bare alarms, thereby further reducing the communication overhead of our approach. Our experiments show that we can achieve detection rates close to those based on global information exchange with smaller subsets of collaborating sensors.

Keywords

Intrusion Detection Detection Accuracy Communication Overhead Anomaly Detection Intrusion Detection System 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Garcia-Teodoro, P., Diaz-Verdejo, J., Maciá-Fernández, G., Vázquez, E.: Anomaly-based network intrusion detection: Techniques, systems and challenges. Computers & Security 28(1–2), 18–28 (2009)CrossRefGoogle Scholar
  2. 2.
    Vasilomanolakis, E., Karuppayah, S., Mühlhäuser, M., Fischer, M.: Taxonomy and Survey of Collaborative Intrusion Detection. ACM Computing Surveys 47(4), 33 (2015)CrossRefGoogle Scholar
  3. 3.
    Chen, Y., Cai, M., Hwang, K., Kwok, Y.-K., Song, S.: Collaborative Internet Worm Containment. IEEE Security and Privacy Magazine 3(3), 25–33 (2005)CrossRefGoogle Scholar
  4. 4.
    Peteiro-Barral, D., Guijarro-Berdiñas, B.: A survey of methods for distributed machine learning. Progress in Artificial Intelligence 2(1), 1–11 (2012)CrossRefGoogle Scholar
  5. 5.
    Zhou, Z.-H.: When semi-supervised learning meets ensemble learning. Frontiers of Electrical and Electronic Engineering in China 6(1), 6–16 (2011)CrossRefGoogle Scholar
  6. 6.
    Lippmann, R., Haines, J.W., Fried, D.J., Korba, J., Das, K.: The 1999 DARPA off-line intrusion detection evaluation. Computer Networks 34(4), 579–595 (2000)CrossRefGoogle Scholar
  7. 7.
    Chandola, V., Banerjee, A., Kumar, V.: Anomaly detection: A Survey. ACM Computing Surveys 41(3), 1–58 (2009)CrossRefGoogle Scholar
  8. 8.
    Mahoney, M., Chan, P.: Learning rules for anomaly detection of hostile network traffic. In: IEEE International Conference on Data Mining. IEEE Comput. Soc, 2003, pp. 601–604 (2003)Google Scholar
  9. 9.
    Maclin, R., Opitz, D.: Popular ensemble methods: An empirical study. Journal Of Artificial Intelligence Research 11, 169–198 (1999)zbMATHGoogle Scholar
  10. 10.
    Kannadiga, P., Zulkernine, M.: DIDMA : a distributed intrusion detection system using mobile agents. In: International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing, pp. 238–245. IEEE (2005)Google Scholar
  11. 11.
    Zhang, Z., Li, J., Manikopoulos, C.N., Jorgenson, J., Ucles, J.: HIDE : a hierarchical network intrusion detection system using statistical preprocessing and neural network classification. In: IEEE Workshop on Information Assurance and Security, pp. 85–90. IEEE (2001)Google Scholar
  12. 12.
    Marchetti, M., Messori, M., Colajanni, M.: Peer-to-peer architecture for collaborative intrusion and malware detection on a large scale. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds.) ISC 2009. LNCS, vol. 5735, pp. 475–490. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  13. 13.
    Locasto, M.E., Parekh, J.J., Keromytis, A.D., Stolfo, S.J.: Towards collaborative security and P2P intrusion detection. In: IEEE Workshop on Information Assurance and Security, pp. 333–339. IEEE (2005)Google Scholar
  14. 14.
    Duma, C., Karresand, M., Shahmehri, N., Caronni, G.: A trust-aware, P2P-based overlay for intrusion detection. In: International Conference on Database and Expert Systems Applications (DEXA 2006), pp. 692–697. IEEE (2006)Google Scholar
  15. 15.
    Ganesh, A.J., Kermarrec, A.-M., Massoulié, L.: Peer-to-peer membership management for gossip-based protocols. IEEE Transactions on Computers 52(2), 139–149 (2003)CrossRefGoogle Scholar
  16. 16.
    Fontugne, R., Borgnat, P., Abry, P., Fukuda, K.: MAWILab: combining diverseanomaly detectors for automated anomaly labeling and performance benchmarking. In: 6th International Conference on - Co-NEXT 2010, pp. 1–12. ACM (2010)Google Scholar
  17. 17.
    Sangster, B., Cook, T., Fanelli, R., Dean, E., Adams, W.J. Morrell, C., Conti, G.: Toward instrumenting network warfare competitions to generate labeled datasets. In: USENIX Security’s Workshop on Cyber Security Experimentation and Test (CSET) (2009)Google Scholar

Copyright information

© Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2015

Authors and Affiliations

  • Carlos Garcia Cordero
    • 1
    Email author
  • Emmanouil Vasilomanolakis
    • 1
  • Max Mühlhäuser
    • 1
  • Mathias Fischer
    • 2
  1. 1.Telecooperation GroupTechnische Universität Darmstadt / CASEDDarmstadtGermany
  2. 2.Networking and Security GroupInternational Computer Science InstituteBerkeleyUSA

Personalised recommendations