FACID: A trust-based collaborative decision framework for intrusion detection networks

Fung, Carol; Zhu, Quanyan

doi:10.1016/j.adhoc.2016.08.014

Cited by 42 publications

(22 citation statements)

References 32 publications

(55 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Samples for both benign and malicious activities are extracted from the CICIDS2017 dataset. 23 This scenario is similar to the collaborative IDS proposed by Fung and Zhu, 20 except for the analyzed attacks and features.…”

Section: Scenario 3: Expert Detectors Cooperationmentioning

confidence: 86%

See 1 more Smart Citation

Counselors network for intrusion detection

et al. 2020

View full text Add to dashboard Cite

Intrusion detection systems (IDSs) are a fundamental component of defense solutions. In particular, IDSs aim to detect malicious activities on computer systems and networks by relying on data classification models built from a training dataset. However, classifiers' performance can vary for each attack pattern. A common technique to overcome this issue is to use ensemble methods, where multiple classifiers are employed and a final decision is taken combining their outputs. Despite the potential advantages of such an approach, its usefulness is limited in scenarios where (i) multiple expert classifiers present divergent results, (ii) all classifiers present poor results due to lack of representative features, or (iii) detectors have insufficient labeled signatures to train their classifiers for a specific attack pattern. In this work, we introduce the concept of a counselors network to deal with conflicts from different classifiers by exploiting the collaboration among IDSs that analyze multiple and heterogeneous data sources. Empirical results demonstrate the feasibility of the proposed architecture in improving the accuracy of the intrusion detection process.

show abstract

Section: Scenario 3: Expert Detectors Cooperationmentioning

confidence: 86%

“…Finally, Fung and Zhu 20 propose a collaborative IDS, which deploys IDSs in different parts of the network. IDSs with different specialties or training datasets can consult each other.…”

Section: Collaborative Architecturesmentioning

confidence: 99%

Counselors network for intrusion detection

et al. 2020

View full text Add to dashboard Cite

show abstract

“…It became significantly more difficult for a traditional single intrusion detection system, whether it is network-based, hypervisor-based, or VM-based, to detect all attacks, due to limited knowledge about attacks. Collaboration among intrusion detection systems (IDSs) can be exploited to gain higher detection accuracy as compared to traditional single IDS [1]. Through collaboration, IDSs in different regions, and possibly, belonging to different Cloud Providers (CPs) can cooperate in such a way that makes them utilize the expertise of each other to cover and identify unknown attack patterns.…”

Section: Introductionmentioning

confidence: 99%

“…Moreover, they do not need a database of known attacks. However, the shortcoming of using anomalybased detection is the relative high false positive rate compared to the signature-based technique [1]. IDSs may adopt both techniques to have improved detection accuracy.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A trust-based game theoretical model for cooperative intrusion detection in multi-cloud environments

Abusitta

Bellaïche

Dagenais

2018

2018 21st Conference on Innovation in Clouds, Internet and Networks and Workshops (ICIN)

View full text Add to dashboard Cite

Cloud systems are becoming more complex and vulnerable to attacks. Cyber attacks are also becoming more sophisticated and harder to detect. Therefore, it is increasingly difficult for a single cloud-based intrusion detection system (IDS) to detect all attacks, because of limited and incomplete knowledge about attacks. The recent researches in cyber-security have shown that a cooperation among IDSs can bring higher detection accuracy in such complex computer systems. Through collaboration, a cloud-based IDS can consult other IDSs about suspicious intrusions and increase the decision accuracy. The problem of existing cooperative IDS approaches is that they overlook having untrusted (malicious or not) IDSs that may negatively effect the decision about suspicious intrusions in the cloud. Moreover, they rely on a centralized architecture in which a central agent regulates the cooperation, which contradicts the distributed nature of the cloud. In this paper, we propose a framework that enables IDSs to distributively form trustworthy IDSs communities. We devise a novel decentralized algorithm, based on coalitional game theory, that allows a set of cloud-based IDSs to cooperatively set up their coalition in such a way to make their individual detection accuracy increase, even in the presence of untrusted IDSs.

show abstract