TU Darmstadt / ULB / TUbiblio

Community-based Collaborative Intrusion Detection

Cordero, Carlos Garcia and Vasilomanolakis, Emmanouil and Fischer, Mathias and Mühlhäuser, Max (2015):
Community-based Collaborative Intrusion Detection.
In: International Workshop on Applications and Techniques in Cyber Security (ATCS), International Conference on Security and Privacy in Communication Networks (SecureComm), Springer International Publishing, ISBN 978-3-319-28865-9,
DOI: 10.1007/978-3-319-28865-9_44, [Conference or Workshop Item]

Abstract

The IT infrastructure of today needs to be ready to defend against massive cyber-attacks, which often originate from distributed attackers such as botnets. Most Intrusion Detection Systems (IDSs), nonetheless, still work in isolation and cannot effectively detect distributed attacks. Collaborative IDSs (CIDSs) have been proposed as a collaborative defense against increasingly sophisticated distributed attacks. However, collaboration by exchanging suspicious alarms among all interconnected sensors in CIDSs does not scale with the size of the IT infrastructure; hence, detection performance and the communication overhead required for collaboration must be traded off. We propose to partition the set of considered sensors into subsets, or communities, as a lever for this trade-off. The novelty of our approach is the application of ensemble-based learning, a machine learning paradigm suitable for distributed intrusion detection. In our approach, community members exchange the data features used to train models of normality, not bare alarms, thereby further reducing the communication overhead of our approach. Our experiments show that we can achieve detection rates close to those based on global information exchange with smaller subsets of collaborating sensors.

Item Type: Conference or Workshop Item
Erschienen: 2015
Creators: Cordero, Carlos Garcia and Vasilomanolakis, Emmanouil and Fischer, Mathias and Mühlhäuser, Max
Title: Community-based Collaborative Intrusion Detection
Language: German

Title of Book: International Workshop on Applications and Techniques in Cyber Security (ATCS), International Conference on Security and Privacy in Communication Networks (SecureComm)
Volume: 164
Publisher: Springer International Publishing
ISBN: 978-3-319-28865-9
Uncontrolled Keywords: SSI - Area Secure Smart Infrastructures; Secure Services
Divisions:
    LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
    20 Department of Computer Science > Telecooperation
    LOEWE > LOEWE-Zentren
    20 Department of Computer Science
    LOEWE
Date Deposited: 31 Dec 2016 12:59
DOI: 10.1007/978-3-319-28865-9_44
Identification Number: TUD-CS-2015-1214