Bayesian decision aggregation in collaborative intrusion detection networks

Fung, Carol; Zhu, Quanyan; Boutaba, Raouf; Başar, Tamer

doi:10.1109/noms.2010.5488489

Cited by 38 publications

(31 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A collaborative framework for intrusion detection networks (CIDNs) that uses a Bayesian approach for feedback aggregation was proposed by Fung et al [9]. The approach was designed to solve the problem of traditional intrusion detection systems such as host-based intrusion detection system and network-based intrusion detection system, which can easily be compromised by new or unknown attacks.…”

Section: Related Workmentioning

confidence: 99%

CK-RAID: Collaborative Knowledge Repository for Intrusion Detection System

Onashoga

Akinwale

Amusa

et al. 2019

CIT. J. comput. inf. technol

View full text Add to dashboard Cite

Intrusion Detection Systems (IDSs) are an integral part of an organization's infrastructure. Without an IDS facility in place to monitor network and host activities, attempted and successful intrusion attempts may go unnoticed. This study proposed a Collaborative Knowledge Repository Architecture for Intrusion Detection (CK-RAID). It is based on a distributed network of computer nodes, each with their individual IDS with a centralized knowledge repository system, and firewall acting as a defence. When an unfamiliar attack hits any node, the first step the intrusion monitor takes is to request from Knowledge Repository Server the most effective intrusion response. To improve performance, Intrusion Update module collaborates with IDSs sensor and log by updating their expert rule and intrusion information respectively and removing the old intrusion signature from the knowledge base with the aid of Intrusion Detector Pruning. To ensure security of information exchange, RSA encryption and Digital Signature were used to encode information during transit. The result showed that CK-RAID had a detection rate of 97.2%, compared with Medoid Clustering, Y-means, FCM and K-means that have an accuracy of 96.38%, 87.15%, 82.13% and 77.25% respectively. Therefore, CK-RAID can be deployed for efficient detection of all categories of intrusion detection and response.

show abstract

Section: Related Workmentioning

confidence: 99%

CK-RAID: Collaborative Knowledge Repository for Intrusion Detection System

Onashoga

Akinwale

Amusa

et al. 2019

CIT. J. comput. inf. technol

View full text Add to dashboard Cite

show abstract

“…The experimental results demonstrated that the Dirichlet-based approach could enhance both robustness and efficiency. As feedback aggregation is a key component in a trust model, they further applied a Bayesian approach for feedback aggregation to minimize the combined costs of missed detection and false alarms [12]. Their experiments indicated that the Bayesian approach could make an improvement on the true positive detection rate and a reduction in the average cost.…”

Section: • Most Previous Filtration Mechanisms Attempt To Analyzementioning

confidence: 99%

“…In this work, our motivation is thus to design a collaborative trust-based packet filter, which can work effectively in a collaborative network and provide robust trust computation through calculating the IP trustworthiness in a collaborative way. Moreover, we adopt the theoretical CIDN model from the existing literature (e.g., [10], [11], [12]) and modify it according to our requirements. In the evaluation, we mainly compare our approach to similar trust models in defending against betrayal attacks.…”

Section: • Most Previous Filtration Mechanisms Attempt To Analyzementioning

confidence: 99%

Towards Effective Trust-Based Packet Filtering in Collaborative Network Environments

Meng

Kwok

2017

IEEE Trans. Netw. Serv. Manage.

View full text Add to dashboard Cite

 Users may download and print one copy of any publication from the public portal for the purpose of private study or research.  You may not further distribute the material or use it for any profit-making activity or commercial gain  You may freely distribute the URL identifying the publication in the public portal If you believe that this document breaches copyright please contact us providing details, and we will remove access to the work immediately and investigate your claim.

show abstract

“…Our CIDN is based on a distributed collaboration model. In our previous work, Bayesian decision model [26] has been used to make optimal cost decisions based on feedbacks from IDS peers. In this paper, we adopt a more rigorous hypothesis testing model to aggregate feedback from multiple sources and obtain bounds on the number of acquaintances for achieving certain performance goals.…”

Section: Related Workmentioning

confidence: 99%

FACID: A trust-based collaborative decision framework for intrusion detection networks

Fung

Zhu

2016

Ad Hoc Networks

Self Cite

View full text Add to dashboard Cite

Computer systems evolve to be more complex and vulnerable. Cyber attacks have also grown to be more sophisticated and harder to detect. Intrusion detection is the process of monitoring and identifying unauthorized system access or manipulation. It becomes increasingly difficult for a single intrusion detection system (IDS) to detect all attacks due to limited knowledge about attacks. Collaboration among intrusion detection devices can be used to gain higher detection accuracy and cost efficiency as compared to its traditional single host-based counterpart. Through cooperation, a local IDS can detect new attacks that may be known to other IDSs, which may be from different vendors. However, how to utilize the diagnosis from different IDSs to perform intrusion detection is the key challenge. This paper proposes a system architecture of a collaborative intrusion detection network (CIDN), in which trustworthy and efficient feedback aggregation is a key component. To achieve a reliable and trustworthy CIDN, we present a framework called FACID, which leverages data analytical models and hypothesis testing methods for efficient, distributed and sequential feedback aggregations. FACID provides an inherent trust evaluation mechanism and reduces communication overhead needed for IDSs as well as the computational resources and memory needed to achieve satisfactory feedback aggregation results when the number of collaborators of an IDS is large. Our simulation results corroborate our theoretical results and demonstrate the properties of cost efficiency and accuracy compared to other heuristic methods. The analytical result on the lower-bound of the average number of acquaintances for consultation is essential for the design and configuration of IDSs in a collaborative environment.

show abstract

Bayesian decision aggregation in collaborative intrusion detection networks

Cited by 38 publications

References 11 publications

CK-RAID: Collaborative Knowledge Repository for Intrusion Detection System

CK-RAID: Collaborative Knowledge Repository for Intrusion Detection System

Towards Effective Trust-Based Packet Filtering in Collaborative Network Environments

FACID: A trust-based collaborative decision framework for intrusion detection networks

Contact Info

Product

Resources

About