Abstract
The IT infrastructure of today needs to be ready to defend against massive cyber-attacks which often originate from distributed attackers such as Botnets. Most Intrusion Detection Systems (IDSs), nonetheless, are still working in isolation and cannot effectively detect distributed attacks. Collaborative IDSs (CIDSs) have been proposed as a collaborative defense against the ever more sophisticated distributed attacks. However, collaboration by exchanging suspicious alarms among all interconnected sensors in CIDSs does not scale with the size of the IT infrastructure; hence, detection performance and communication overhead, required for collaboration, must be traded off. We propose to partition the set of considered sensors into subsets, or communities, as a lever for this trade off. The novelty of our approach is the application of ensemble based learning, a machine learning paradigm suitable for distributed intrusion detection. In our approach, community members exchange data features used to train models of normality, not bare alarms, thereby further reducing the communication overhead of our approach. Our experiments show that we can achieve detection rates close to those based on global information exchange with smaller subsets of collaborating sensors.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Garcia-Teodoro, P., Diaz-Verdejo, J., Maciá-Fernández, G., Vázquez, E.: Anomaly-based network intrusion detection: Techniques, systems and challenges. Computers & Security 28(1–2), 18–28 (2009)
Vasilomanolakis, E., Karuppayah, S., Mühlhäuser, M., Fischer, M.: Taxonomy and Survey of Collaborative Intrusion Detection. ACM Computing Surveys 47(4), 33 (2015)
Chen, Y., Cai, M., Hwang, K., Kwok, Y.-K., Song, S.: Collaborative Internet Worm Containment. IEEE Security and Privacy Magazine 3(3), 25–33 (2005)
Peteiro-Barral, D., Guijarro-Berdiñas, B.: A survey of methods for distributed machine learning. Progress in Artificial Intelligence 2(1), 1–11 (2012)
Zhou, Z.-H.: When semi-supervised learning meets ensemble learning. Frontiers of Electrical and Electronic Engineering in China 6(1), 6–16 (2011)
Lippmann, R., Haines, J.W., Fried, D.J., Korba, J., Das, K.: The 1999 DARPA off-line intrusion detection evaluation. Computer Networks 34(4), 579–595 (2000)
Chandola, V., Banerjee, A., Kumar, V.: Anomaly detection: A Survey. ACM Computing Surveys 41(3), 1–58 (2009)
Mahoney, M., Chan, P.: Learning rules for anomaly detection of hostile network traffic. In: IEEE International Conference on Data Mining. IEEE Comput. Soc, 2003, pp. 601–604 (2003)
Maclin, R., Opitz, D.: Popular ensemble methods: An empirical study. Journal Of Artificial Intelligence Research 11, 169–198 (1999)
Kannadiga, P., Zulkernine, M.: DIDMA : a distributed intrusion detection system using mobile agents. In: International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing, pp. 238–245. IEEE (2005)
Zhang, Z., Li, J., Manikopoulos, C.N., Jorgenson, J., Ucles, J.: HIDE : a hierarchical network intrusion detection system using statistical preprocessing and neural network classification. In: IEEE Workshop on Information Assurance and Security, pp. 85–90. IEEE (2001)
Marchetti, M., Messori, M., Colajanni, M.: Peer-to-peer architecture for collaborative intrusion and malware detection on a large scale. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds.) ISC 2009. LNCS, vol. 5735, pp. 475–490. Springer, Heidelberg (2009)
Locasto, M.E., Parekh, J.J., Keromytis, A.D., Stolfo, S.J.: Towards collaborative security and P2P intrusion detection. In: IEEE Workshop on Information Assurance and Security, pp. 333–339. IEEE (2005)
Duma, C., Karresand, M., Shahmehri, N., Caronni, G.: A trust-aware, P2P-based overlay for intrusion detection. In: International Conference on Database and Expert Systems Applications (DEXA 2006), pp. 692–697. IEEE (2006)
Ganesh, A.J., Kermarrec, A.-M., Massoulié, L.: Peer-to-peer membership management for gossip-based protocols. IEEE Transactions on Computers 52(2), 139–149 (2003)
Fontugne, R., Borgnat, P., Abry, P., Fukuda, K.: MAWILab: combining diverseanomaly detectors for automated anomaly labeling and performance benchmarking. In: 6th International Conference on - Co-NEXT 2010, pp. 1–12. ACM (2010)
Sangster, B., Cook, T., Fanelli, R., Dean, E., Adams, W.J. Morrell, C., Conti, G.: Toward instrumenting network warfare competitions to generate labeled datasets. In: USENIX Security’s Workshop on Cyber Security Experimentation and Test (CSET) (2009)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Cordero, C.G., Vasilomanolakis, E., Mühlhäuser, M., Fischer, M. (2015). Community-Based Collaborative Intrusion Detection. In: Thuraisingham, B., Wang, X., Yegneswaran, V. (eds) Security and Privacy in Communication Networks. SecureComm 2015. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 164. Springer, Cham. https://doi.org/10.1007/978-3-319-28865-9_44
Download citation
DOI: https://doi.org/10.1007/978-3-319-28865-9_44
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-28864-2
Online ISBN: 978-3-319-28865-9
eBook Packages: Computer ScienceComputer Science (R0)