Garcia Cordero, Carlos ; Vasilomanolakis, Emmanouil ; Fischer, Mathias ; Mühlhäuser, Max (2015)
Community-based Collaborative Intrusion Detection.
doi: 10.1007/978-3-319-28865-9_44
Conference publication, Bibliography
Abstract
The IT infrastructure of today needs to be ready to defend against massive cyber-attacks which often originate from distributed attackers such as Botnets. Most Intrusion Detection Systems (IDSs), nonetheless, are still working in isolation and cannot effectively detect distributed attacks. Collaborative IDSs (CIDSs) have been proposed as a collaborative defense against the ever more sophisticated distributed attacks. However, collaboration by exchanging suspicious alarms among all interconnected sensors in CIDSs does not scale with the size of the IT infrastructure; hence, detection performance and communication overhead, required for collaboration, must be traded off. We propose to partition the set of considered sensors into subsets, or communities, as a lever for this trade off. The novelty of our approach is the application of ensemble based learning, a machine learning paradigm suitable for distributed intrusion detection. In our approach, community members exchange data features used to train models of normality, not bare alarms, thereby further reducing the communication overhead of our approach. Our experiments show that we can achieve detection rates close to those based on global information exchange with smaller subsets of collaborating sensors.
Item type: | Conference publication |
---|---|
Published: | 2015 |
Author(s): | Garcia Cordero, Carlos ; Vasilomanolakis, Emmanouil ; Fischer, Mathias ; Mühlhäuser, Max |
Type of entry: | Bibliography |
Title: | Community-based Collaborative Intrusion Detection |
Language: | German |
Year of publication: | 2015 |
Publisher: | Springer International Publishing |
Book title: | International Workshop on Applications and Techniques in Cyber Security (ATCS), International Conference on Security and Privacy in Communication Networks (SecureComm) |
Series volume: | 164 |
DOI: | 10.1007/978-3-319-28865-9_44 |
Uncontrolled keywords: | - SSI - Area Secure Smart Infrastructures; Secure Services |
ID number: | TUD-CS-2015-1214 |
Department(s)/field(s): | 20 Department of Computer Science; 20 Department of Computer Science > Telecooperation; LOEWE; LOEWE > LOEWE Centres; LOEWE > LOEWE Centres > CASED – Center for Advanced Security Research Darmstadt |
Date deposited: | 31 Dec 2016 12:59 |
Last modified: | 14 Jun 2021 06:14 |