A Novel Threat-Driven Data Collection Method for Resource-Constrained Networks

  • Jing Li
  • Lihua Yin
  • Yunchuan Guo
  • Chao Li
  • Fenghua Li
  • Lihua Chen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10394)


Real-time devices monitoring is a fundamental task of network security. When networks are threatened by cyberattacks, we need accurate monitoring data for timely detecting and disposing network threats. However, in resource-constrained networks, due to limitation of device processing capacity or network bandwidth, it is usually difficult to collect monitoring information precisely and efficiently. To address this problem, we propose a novel threat-driven data collection method. Our method firstly analyses features of the existing or potential network threats, then chooses devices that most probably be affected by the threats, and finally selects data items consistent to the threat features for those screened target collection devices. Experiment results prove that our threat-driven data collection method not only improves the collection efficiency with a satisfying data accuracy, but also reduces devices resource cost of gathering monitoring data, making it suitable for security management in resource-constrained networks.


Data collection method Threat-driven data collection Resource-constrained networks 



This work is supported by the National Key Research and Development Program of China (2016YFB0800303).


  1. 1.
    Acemoglu, D., Malekian, A., Ozdaglar, A.: Network security and contagion. J. Econ. Theor. 166, 536–585 (2016)MathSciNetCrossRefMATHGoogle Scholar
  2. 2.
    Liao, H.J., Lin, C.H.R., Lin, Y.C., et al.: Intrusion detection system: a comprehensive review. J. Netw. Comput. Appl. 36(1), 16–24 (2013)CrossRefGoogle Scholar
  3. 3.
    Kim, H., Feamster, N.: Improving network management with software defined networking. IEEE Commun. Mag. 51(2), 114–119 (2013)CrossRefGoogle Scholar
  4. 4.
    Tripp, T.S., Flocken, P.A., Faihe, Y.: Computer system polling with adjustable intervals based on rules and server states. U.S. Patent 7,548,969 (2009)Google Scholar
  5. 5.
    Raghavendra, R., Acharya, P., Belding, E.M., et al.: MeshMon: a multi-tiered framework for wireless mesh network monitoring. Wirel. Commun. Mob. Comput. 11(8), 1182–1196 (2011)CrossRefGoogle Scholar
  6. 6.
    Sun, Q., Gao, L., Wang, H., et al.: A dynamic polling strategy based on prediction model for large-scale network monitoring. In: Proceedings of International Conference on Advanced Cloud and Big Data (CBD), pp. 8–13 (2013)Google Scholar
  7. 7.
    Dilman, M., Raz, D.: Efficient reactive monitoring. IEEE J. Sel. Areas Commun. 20(4), 668–676 (2002)CrossRefGoogle Scholar
  8. 8.
    Jiang, H., Jin, S., Wang, C.: Prediction or not? An energy-efficient framework for clustering-based data collection in wireless sensor networks. IEEE Trans. Parallel Distrib. Syst. 22(6), 1064–1071 (2011)CrossRefGoogle Scholar
  9. 9.
    Safdarian, A., Fotuhi-Firuzabad, M., Lehtonen, M.: A distributed algorithm for managing residential demand response in smart grids. IEEE Trans. Ind. Inf. 10(4), 2385–2393 (2014)CrossRefGoogle Scholar
  10. 10.
    Roskowski, S., Kolm, D., Ruf, M.P., et al.: Rule based data collection and management in a wireless communications network. U.S. Patent 7,551,922 (2009)Google Scholar
  11. 11.
    Calo, S.B., Dilmaghani, R.B., Freimuth, D.M., et al.: Data collection from networked devices. U.S. Patent 8,935,368 (2015)Google Scholar
  12. 12.
    Bahr, N.J.: System Safety Engineering and Risk Assessment: A Practical Approach. CRC Press, Florida (2014)Google Scholar
  13. 13.
    Dickerson, J.E., Dickerson, J.A.: Fuzzy network profiling for intrusion detection. In: Proceedings of 19th International Conference of the North American, pp. 301–306 (2000)Google Scholar
  14. 14.
    CVSS Homepage. https://www.first.org/cvss. Last accessed 15 May 2017
  15. 15.
    Chavan, S., Shah, K., Dave, N., et al.: Adaptive neuro-fuzzy intrusion detection systems. In: Proceedings of International Conference on Information Technology: Coding and Computing (ITCC), pp. 70–74 (2014)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Jing Li
    • 1
    • 2
  • Lihua Yin
    • 1
    • 2
  • Yunchuan Guo
    • 1
    • 2
  • Chao Li
    • 1
    • 2
  • Fenghua Li
    • 1
  • Lihua Chen
    • 3
  1. 1.State Key Laboratory of Information Security, Institute of Information EngineeringChinese Academy of SciencesBeijingChina
  2. 2.School of Cyber SecurityUniversity of Chinese Academy of SciencesBeijingChina
  3. 3.Department of Information SecurityBeijing Electronic Science and Technology InstituteBeijingChina

Personalised recommendations