• DocumentCode
    2149610
  • Title

    Effective acquaintance management for Collaborative Intrusion Detection Networks

  • Author

    Fung, Carol J. ; Zhang, Jie ; Boutaba, Raouf

  • Author_Institution
    Sch. of Comput. Sci., Univ. of Waterloo, Waterloo, ON, Canada
  • fYear
    2010
  • fDate
    25-29 Oct. 2010
  • Firstpage
    158
  • Lastpage
    165
  • Abstract
    An effective Collaborative Intrusion Detection Network (CIDN) allows distributed Intrusion Detection Systems (IDSes) to collaborate and share their knowledge and opinions about intrusions, to enhance the overall accuracy of intrusion assessment as well as the ability of detecting new classes of intrusions. Towards this goal, we propose a distributed Host-based IDS (HIDS) collaboration system, particularly focusing on acquaintance management where each HIDS selects and maintains a list of collaborators from which they can consult about intrusions. More specifically, each HIDS evaluates both the false positive (FP) rate and false negative (FN) rate of its neighboring HIDSes' opinions about intrusions using Bayesian learning, and aggregates their opinions about intrusions using a Bayesian decision model. Our dynamic acquaintance management algorithm allows each HIDS to effectively select a set of collaborators. We evaluate our system based on a simulated collaborative HIDS network. The experimental results demonstrate the convergence, stability and incentive of our system.
  • Keywords
    belief networks; computer network security; decision theory; groupware; learning (artificial intelligence); Bayesian decision model; Bayesian learning; collaborative HIDS network; collaborative intrusion detection network; distributed host based IDS collaboration system; distributed intrusion detection system; dynamic acquaintance management algorithm; false negative rate; false positive rate; intrusion assessment; overall accuracy enhancement; Accuracy; Collaboration; Heuristic algorithms; Intrusion detection; Maintenance engineering; Peer to peer computing; Random variables;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Network and Service Management (CNSM), 2010 International Conference on
  • Conference_Location
    Niagara Falls, ON
  • Print_ISBN
    978-1-4244-8910-7
  • Electronic_ISBN
    978-1-4244-8908-4
  • Type

    conf

  • DOI
    10.1109/CNSM.2010.5691316
  • Filename
    5691316