A Novel Threat-Driven Data Collection Method for Resource-Constrained Networks
Real-time device monitoring is a fundamental task of network security. When networks are threatened by cyberattacks, we need accurate monitoring data to detect and dispose of network threats in a timely manner. However, in resource-constrained networks, limited device processing capacity or network bandwidth usually makes it difficult to collect monitoring information precisely and efficiently. To address this problem, we propose a novel threat-driven data collection method. Our method first analyses the features of existing or potential network threats, then chooses the devices that are most likely to be affected by the threats, and finally selects the data items consistent with the threat features for those screened target collection devices. Experimental results prove that our threat-driven data collection method not only improves collection efficiency with satisfying data accuracy, but also reduces the device resource cost of gathering monitoring data, making it suitable for security management in resource-constrained networks.
Keywords: Data collection method; Threat-driven data collection; Resource-constrained networks
This work is supported by the National Key Research and Development Program of China (2016YFB0800303).