nach oben

Journal of Network and Systems Management

Erschienen in:

01.03.2013

RepCIDN: A Reputation-based Collaborative Intrusion Detection Network to Lessen the Impact of Malicious Alarms

verfasst von: Manuel Gil Pérez, Félix Gómez Mármol, Gregorio Martínez Pérez, Antonio F. Skarmeta Gómez

Erschienen in: Journal of Network and Systems Management | Ausgabe 1/2013

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Distributed and coordinated attacks in computer networks are causing considerable economic losses worldwide in recent years. This is mainly due to the transition of attackers’ operational patterns towards a more sophisticated and more global behavior. This fact is leading current intrusion detection systems to be more likely to generate false alarms. In this context, this paper describes the design of a collaborative intrusion detection network (CIDN) that is capable of building and sharing collective knowledge about isolated alarms in order to efficiently and accurately detect distributed attacks. It has been also strengthened with a reputation mechanism aimed to improve the detection coverage by dropping false or bogus alarms that arise from malicious or misbehaving nodes. This model will enable a CIDN to detect malicious behaviors according to the trustworthiness of the alarm issuers, calculated from previous interactions with the system. Experimental results will finally demonstrate how entities are gradually isolated as their behavior worsens throughout the time.

Vorheriger Artikel A Framework for Internet Media Services Delivery to the Home Environment

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Teng, S., Zhang, W., Fu, X., Tan, W.: Cooperative intrusion detection model based on scenario. In: CSCWD’07: Proceedings of the 11th International Conference on Computer Supported Cooperative Work in Design, pp. 876–881 (April 2007)

Bass, T.: Intrusion detection systems and multisensor data fusion. Commun. ACM 43, 99–105 (2000)CrossRef

Zhou, C.V., Leckie, C., Karunasekera, S.: A survey of coordinated attacks and collaborative intrusion detection. Comput. Secur. 29, 124–140 (2010)CrossRef

Huang, Y.-A., Lee, W.: A cooperative intrusion detection system for ad hoc networks. In: SASN’03: Proceedings of the 1st ACM Workshop on Security of Ad hoc and Sensor Networks, pp. 135–147 (October 2003)

Wu, Y.-S., Foo, B., Mei, Y., Bagchi, S.: Collaborative intrusion detection system (CIDS): a framework for accurate and efficient IDS. In: ACSAC’03: Proceedings of the 19th Annual Computer Security Applications Conference, pp. 234–244 (December 2003)

Locasto, M.E., Parekh, J.J., Stolfo, S., Keromytis, A.D., Malkin, T., Misra, V.: Collaborative distributed intrusion detection. Technical Report CUCS-012-04, Department of Computer Science, Columbia University (2004)

Tjhai, G.C., Papadaki, M., Furnell, S., Clarke, N.L.: Investigating the problem of IDS false alarms: an experimental study using Snort. In: SEC’08: Proceedings of the IFIP TC-11 23rd International Information Security Conference, pp. 253–267 (September 2008)

Sourcefire Inc. Snort: An open source network intrusion prevention and detection system. http://www.snort.org (2010)

Zaman, S.: A collaborative architecture for distributed intrusion detection system based on lightweight modules. PhD thesis, Electrical and Computer Engineering, University of Waterloo, Canada (July 2009)

10.

Maurer, J.: Internet worms: walking on unstable ground. SANS Institute, GIAC Security Essentials (June 2003)

11.

Ganeriwal, S., Balzano, L.K., Srivastava, M.B.: Reputation-based framework for high integrity sensor networks. ACM Trans. Sensor Netw. 4(15):1–15:37 (2008)

12.

Gómez Mármol, F., Martínez Pérez, G.: Providing trust in wireless sensor networks using a bio-inspired technique. Telecommun. Syst. 46:163–180 (2010)

13.

Kamvar, S.D., Schlosser, M.T., Garcia-Molina, H.: The EigenTrust algorithm for reputation management in P2P networks. In: WWW’03: Proceedings of the 12th International Conference on World Wide Web, pp. 640–651 (May 2003)

14.

Mekouar, L., Iraqi, Y., Boutaba, R.: Reputation-based trust management in peer-to-peer systems: Taxonomy and anatomy. In: Handbook of Peer-to-Peer Networking, pp. 689–732 (2010)

15.

Garcia-Alfaro, J., Jaeger, M.A., Mühl, G., Barrera, I., Borrell, J.: Distributed exchange of alerts for the detection of coordinated attacks. In: CNSR’08: Proceedings of the Communication Networks and Services Research Conference, pp. 96–103 (May 2008)

16.

Lua, E.K., Crowcroft, J., Pias, M., Sharma, R., Lim, S.: A survey and comparison of peer-to-peer overlay network schemes. IEEE Commun. Surv. Tutor. 7, 72–93 (2005)CrossRef

17.

Mihailovic, A.: Deliverable D3.1: State of the art and outlooks for dynamic protocol configuration and re-engineering future Internet operations. The Self-NET EU-IST Project (Self-Management of Cognitive Future InterNET Elements) (January 2009)

18.

Gómez Mármol, F., Martínez Pérez, G.: Security threats scenarios in trust and reputation models for distributed systems. Comput. Secur. 28, 545–556 (2009)CrossRef

19.

Douceur, J.: The Sybil attack. In: IPTPS’02: Proceedings of the 1st International Workshop on Peer-to-Peer Systems, volume 2429 of Lecture Notes in Computer Science, pp. 251–260 (March 2002)

20.

Gómez Mármol, F., Girao, J., Martínez Pérez, G.: TRIMS, a privacy-aware trust and reputation model for identity management systems. Comput. Netw. 54, 2899–2912 (2010)CrossRef

21.

Debar, H., Curry, D.A., Feinstein, B.S.: The Intrusion Detection Message Exchange Format (IDMEF). IETF Request for Comments 4765 (March 2007)

22.

Xu, D., Ning, P.: Correlation analysis of intrusion alerts. In: Intrusion Detection Systems, volume 38 of Advances in Information Security, pp. 65–92 (January 2008)

23.

Mutly, S., Yilmaz, G.: A distributed cooperative trust based intrusion detection framework for MANETs. In: ICNS’11: Proceedings of the Seventh International Conference on Networking and Services, pp. 292–298 (May 2011)

24.

Xiong, L., Liu, L.: PeerTrust: supporting reputation-based trust for peer-to-peer electronic communities. IEEE Trans. Knowl. Data Eng. 16, 843–857 (2004)CrossRef

25.

Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., Polk, T.: Internet X.509 public key infrastructure certificate and certificate revocation list (CRL) profile. IETF Request for Comments 5280 (May 2008)

26.

Trend Micro Inc. OSSEC: An open source security, host-based intrusion detection system. http://www.ossec.net (2010)

27.

Yusof, R., Selamat, S.R., Sahib, S.: Intrusion alert correlation technique analysis for heterogeneous log. Int. J. Comput. Sci. Netw. Secur. 8, 132–138 (2008)

28.

Martínez Molina, J., Hernández Ruiz, M.A., Gil Pérez, M., Martínez Pérez, G., Gómez Skarmeta, A.F.: Event-driven architecture based on patterns for detecting complex attacks. Int. J. Crit. Comput. Based Syst. 1, 283–309 (2010)CrossRef

29.

Wierzbicki, A., Kalinski, J., Kruszona, T.: Common Intrusion Detection Signatures Standard (CIDSS). IETF Internet Draft 5 (September 2008)

30.

Gulbrandsen, A., Vixie, P., Esibov, L.: A DNS RR for specifying the location of services (DNS SRV). IETF Request for Comments 2782 (February 2000)

31.

Park, H., Yang, J., Park, J., Kang, S.G., Choi, J.K.: A survey on peer-to-peer overlay network schemes. In: ICACT’08: Proceedings of the 10th International Conference on Advanced Communication Technology, pp. 986–988 (February 2008)

32.

Sit, E.: Storing and managing data in a distributed hash table. PhD thesis, Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science (June 2008)

33.

Adams, C., Lloyd, S.: Understanding Public-Key Infrastructure: Concepts, Standards, and Deployment Considerations. Macmillan Technical Publishing, Indianapolis, IN (1999)

34.

López Millán, G., Gil Pérez, M., Martínez Pérez, G., Gómez Skarmeta, A.F.: PKI-based trust management in inter-domain scenarios. Comput. Secur. 29, 278–290 (2010)CrossRef

35.

Wu, S.X., Banzhaf, W.: The use of computational intelligence in intrusion detection systems: a review. Appl. Soft Comput. 10, 1–35 (2010)MATHCrossRef

36.

Yu, J., Ramana Reddy, Y.V., Selliah, S., Reddy, S., Bharadwaj, V., Kankanahalli, S.: TRINETR: an architecture for collaborative intrusion detection and knowledge-based alert evaluation. Adv. Eng. Inform. 19, 93–101 (2005)CrossRef

37.

Cuppens, F., Miège, A.: Alert correlation in a cooperative intrusion detection framework. In: SECPRI’02: Proceedings of the 2002 IEEE Symposium on Security and Privacy, pp. 202–215 (May 2002)

38.

Valeur, F., Vigna, G., Kruegel, C., Kemmerer, R.A.: A comprehensive approach to intrusion detection alert correlation. IEEE Trans. Dependable Secure Comput. 1, 146–169 (2004)CrossRef

39.

Yegneswaran, V., Barford, P., Jha, S.: Global intrusion detection in the DOMINO overlay system. In: NDSS’04: Proceedings of Network and Distributed System Security Symposium (February 2004)

40.

Coull, S.E., Szymanski, B.K.: On the development of an internetwork-centric defense for scanning worms. Comput. Secur. 28, 637–647 (2009)CrossRef

41.

Jøsang, A., Ismail, R., Boyd, C.: A survey of trust and reputation systems for online service provision. Decis. Support Syst. 43, 618–644 (2007)CrossRef

42.

Gómez Mármol, F., Martínez Pérez, G.: Towards pre-standardization of trust and reputation models for distributed and heterogeneous systems. Comput. Stand. Interfaces 32, 185–196 (2010)CrossRef

43.

Boukerche, A., Xu, L., El-Khatib, K.: Trust-based security for wireless ad hoc and sensor networks. Comput. Commun. 30, 2413–2427 (2007)CrossRef

44.

Zhang, Z., Ho, P.-H., Nat-Abdesselam, F.: RADAR: a reputation-driven anomaly detection system for wireless mesh networks. Wirel. Netw. 16, 2221–2236 (2010)CrossRef

45.

De Rango, F., Marano, S.: Trust-based SAODV protocol with intrusion detection and incentive cooperation in MANET. In: IWCMC’09: Proceedings of the 2009 International Conference on Wireless Communications and Mobile Computing, pp. 1443–1448 (June 2009)

46.

Omar, M., Challal, Y., Bouabdallah, A.: Reliable and fully distributed trust model for mobile ad hoc networks. Comput. Secur. 28, 199–214 (2009)CrossRef

47.

Sabater, J., Sierra, C.: REGRET: reputation in gregarious societies. In: AGENTS’01: Proceedings of the Fifth International Conference on Autonomous Agents, pp. 194–195 (June 2001)

48.

Songsiri, S.: MTrust: a reputation-based trust model for a mobile agent system. In: ATC’06: Proceedings of the Third International Conference on Autonomic and Trusted Computing, volume 4158 of Lecture Notes in Computer Science, pp. 374–385 (September 2006)

49.

Breuer, J., Held, A., Leinmller, T., Delgrossi, L.: Trust issues for vehicular ad hoc networks. In: VETECS’08: Proceedings of the 67th IEEE Vehicular Technology Conference, pp. 2800–2804 (May 2008)

50.

Raya, M., Papadimitratos, P., Gligor, V., Hubaux, J.-P.: On data-centric trust establishment in ephemeral ad hoc networks. In INFOCOM’08: Proceedings of the 27th IEEE Conference on Computer Communications, pp. 1238–1246 (April 2008)

51.

Fung, C., Zhang, J., Aib, I., Boutaba, R.: Trust management and admission control for Host -based Collaborative Intrusion Detection. J. Netw. Syst. Manage. 19, 257–277 (2011)CrossRef

Titel: RepCIDN: A Reputation-based Collaborative Intrusion Detection Network to Lessen the Impact of Malicious Alarms
verfasst von: Manuel Gil Pérez
Félix Gómez Mármol
Gregorio Martínez Pérez
Antonio F. Skarmeta Gómez
Publikationsdatum: 01.03.2013
Verlag: Springer US
Erschienen in: Journal of Network and Systems Management / Ausgabe 1/2013
Print ISSN: 1064-7570
Elektronische ISSN: 1573-7705
DOI: https://doi.org/10.1007/s10922-012-9230-8

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 1/2013

Service Control Layer (SCL): Enabling Rule-based Control and Enrichment in Next-Generation Telecom Service Delivery

On Game-Theoretic Network Security Provisioning

A New Link Failure Resilient Priority Based Fair Mutual Exclusion Algorithm for Distributed Systems

A Framework for Internet Media Services Delivery to the Home Environment

Deploying Circuit Emulation Services (CES) Over EPON Using Preemptive Priority Medium Access Controller

Premium Partner