A Super-Peer Approach for Scalable Collaborative Intrusion Detection Network (CIDN)

  • Abstract

    Collaborative intrusion detection systems (CIDSs) can correlate suspicious activities observed by other CIDSs in different networks, which maximizes the efficiency of intrusion detection and lets them share knowledge and resources. Current consultation-based CIDNs do not honor the scope variations (areas of expertise) of CIDSs. Evaluating collaborators' knowledge regardless of their scope could degrade the efficiency of the CIDN, while in reality CIDSs run on different platforms and have strengths in different areas, which can negatively affect the overall scalability and efficiency of the architecture. Additionally, many architectures in the literature are built under information-based settings, while few offer consultation-based capabilities, and an architecture that combines both has not yet been proposed. This paper proposes a scope-aware super-peer collaborative intrusion detection network (CIDN) architecture that takes CIDS scope into consideration when consulting: it organizes CIDSs into groups based on their scope regardless of their physical locations, and it incorporates information-based sharing into the consultation-based architecture so as to benefit from consultation-based capabilities while limiting the information being distributed to fast-spreading attacks that are discovered from consultation requests. As a result, the proposed architecture can strengthen the efficiency of the CIDN, reduce the communication overhead among collaborators, and contribute to enhancing the overall scalability of the architecture.



  • Keywords

    Collaborative intrusion detection network; Intrusion detection; Network security; Scalable CIDN; Super-peer architecture.





Article ID: 23408
DOI: 10.14419/ijet.v7i4.31.23408
