Meeting of the European Network of Universities and Companies in Information and Communication Engineering

EUNICE 2012: Information and Communication Technologies pp 52–63Cite as

Enhancing Collaborative Intrusion Detection Methods Using a Kademlia Overlay Network

Zoltán Czirkos and Gábor Hosszú

Conference paper

Part of the Lecture Notes in Computer Science book series (LNISA,volume 7479)

Abstract

The two important problems of collaborative intrusion detection are aggregation and correlation of intrusion events. The enormous amount of data generated by detection probes requires significant network and computational capacity to be processed. In this article we show that a distributed hash table based approach can reduce both network and computational load of intrusion detection, while providing almost the same accuracy of detection as centralized solutions. The efficiency of data storage can be improved by selecting Kademlia as the underlying overlay network topology, as its routing can easily adapt to the dynamic properties of such an application.
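The abstract states the mechanism but does not show it, so the following is an added illustration and not code from the paper: a small simulation of the idea that alerts are stored in a Kademlia-style DHT under a key derived from the attacker's address, so every alert about one source ends up at the same k responsible nodes and the correlation rule runs there on locally held data instead of at a central collector. Everything beyond the XOR metric and the "k closest nodes" storage rule is an assumption made for the example: 160-bit SHA-1 identifiers, k = 3, alerts keyed by source IP, a port-scan rule with a threshold of 5 distinct ports, the constructed sample alerts, and a full-mesh overlay that skips Kademlia's k-bucket routing.

```python
import hashlib
from collections import defaultdict

K = 3          # Kademlia replication parameter k (assumed; the paper's value is not given here)
THRESHOLD = 5  # distinct destination ports from one source before a scan is reported (assumed)

def node_id(name: str) -> int:
    """160-bit identifier from a name; Kademlia uses SHA-1 node IDs of this width."""
    return int.from_bytes(hashlib.sha1(name.encode()).digest(), "big")

def key_for(attacker_ip: str) -> int:
    """All alerts about one attacker share one DHT key: the hash of its source address.
    That is what makes aggregation a local operation at the key's owners (assumed keying)."""
    return node_id(attacker_ip)

def xor_distance(a: int, b: int) -> int:
    """The Kademlia metric: distance between two IDs is their bitwise XOR."""
    return a ^ b

def closest_nodes(key: int, nodes: dict, k: int = K) -> list:
    """Names of the k nodes whose IDs are XOR-closest to key: the storage set for key."""
    return sorted(nodes, key=lambda n: xor_distance(nodes[n], key))[:k]

class Overlay:
    """Toy overlay in which every node knows every other node, so a lookup needs no
    routing. Real Kademlia finds the same k closest nodes through its k-buckets in
    O(log n) hops; that routing is not modelled here."""

    def __init__(self, names):
        self.nodes = {n: node_id(n) for n in names}
        self.store = defaultdict(list)   # (node name, key) -> alerts held there
        self.messages = 0                # STORE messages sent, as a network-load proxy

    def publish(self, alert: dict) -> None:
        """A probe pushes one alert to the k owners of the attacker's key."""
        key = key_for(alert["src"])
        for n in closest_nodes(key, self.nodes):
            self.store[(n, key)].append(alert)
            self.messages += 1

    def aggregate(self, attacker_ip: str) -> list:
        """Fetch every alert about one attacker from the current closest owner."""
        key = key_for(attacker_ip)
        owner = closest_nodes(key, self.nodes)[0]
        return self.store[(owner, key)]

    def leave(self, name: str) -> None:
        """Node churn: the node and everything it stored disappear; the remaining
        replicas on the other k-1 owners keep the key reachable."""
        del self.nodes[name]
        for slot in [s for s in self.store if s[0] == name]:
            del self.store[slot]

def detect_port_scan(alerts: list, threshold: int = THRESHOLD) -> bool:
    """Correlation rule run by the key's owner: many distinct target ports from one source."""
    return len({a["dport"] for a in alerts}) >= threshold

# Constructed sample alerts (RFC 5737 documentation addresses); each probe sees one host only.
SAMPLE_ALERTS = [
    {"probe": "probe-a", "src": "203.0.113.7", "dst": "192.0.2.10", "dport": 22},
    {"probe": "probe-b", "src": "203.0.113.7", "dst": "192.0.2.11", "dport": 80},
    {"probe": "probe-c", "src": "203.0.113.7", "dst": "192.0.2.12", "dport": 443},
    {"probe": "probe-d", "src": "203.0.113.7", "dst": "192.0.2.13", "dport": 3389},
    {"probe": "probe-e", "src": "203.0.113.7", "dst": "192.0.2.14", "dport": 5900},
    {"probe": "probe-f", "src": "203.0.113.7", "dst": "192.0.2.15", "dport": 8080},
    {"probe": "probe-g", "src": "198.51.100.20", "dst": "192.0.2.10", "dport": 80},
    {"probe": "probe-h", "src": "198.51.100.20", "dst": "192.0.2.11", "dport": 80},
]
NODE_NAMES = [f"probe-{c}" for c in "abcdefgh"]   # the probes are also the DHT nodes

def run_demo():
    """Publish the sample alerts and run the correlation rule once per source."""
    ov = Overlay(NODE_NAMES)
    for alert in SAMPLE_ALERTS:
        ov.publish(alert)
    sources = sorted({a["src"] for a in SAMPLE_ALERTS})
    report = {src: detect_port_scan(ov.aggregate(src)) for src in sources}
    return ov, report

if __name__ == "__main__":
    ov, report = run_demo()
    for src, scan in report.items():
        print(f"{src}: {len(ov.aggregate(src))} alerts, port scan = {scan}")
    print(f"{ov.messages} STORE messages for {len(SAMPLE_ALERTS)} alerts over {len(ov.nodes)} nodes")
```

The point the toy makes is the one the abstract argues: no single probe sees more than one port touched by 203.0.113.7, so the scan is only visible after aggregation, yet each alert travels to k = 3 owners rather than to a central collector, and the owner set for a key is recomputed from the XOR metric, so when one owner leaves the network the next-closest replica answers the same query without any re-keying. A real deployment would also have to authenticate probes and rate-limit publishes, since any node can otherwise flood a key's owners with fabricated alerts; the paper's abstract does not address that and neither does this example.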

Keywords

  • peer-to-peer
  • intrusion detection system
  • collaborative intrusion detection
  • attack correlation
  • attack aggregation



Author information

Zoltán Czirkos and Gábor Hosszú: Department of Electron Devices, Budapest University of Technology and Economics, Magyar tudósok körútja 2, Building Q, Section B, 3rd Floor, Budapest, H-1117, Hungary

Editor information

Róbert Szabó and Attila Vidács: Department of Telecommunications and Media Informatics, Budapest University of Technology and Economics, Magyar Tudósok krt. 2, 1117, Budapest, Hungary


Copyright information

© 2012 IFIP International Federation for Information Processing

About this paper

Cite this paper

Czirkos, Z., Hosszú, G. (2012). Enhancing Collaborative Intrusion Detection Methods Using a Kademlia Overlay Network. In: Szabó, R., Vidács, A. (eds) Information and Communication Technologies. EUNICE 2012. Lecture Notes in Computer Science, vol 7479. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32808-4_6

DOI: https://doi.org/10.1007/978-3-642-32808-4_6

Publisher: Springer, Berlin, Heidelberg

Print ISBN: 978-3-642-32807-7

Online ISBN: 978-3-642-32808-4
