A hierarchical P2P model and a data fusion method for network security situation awareness system

A hierarchical peer-to-peer (P2P) model and a data fusion method for a network security situation awareness system are proposed to improve the efficiency of a distributed security behavior monitoring network. The P2P model avoids a single point of failure among the data analysis nodes, and it uses a greedy data forwarding method based on node priority and link delay to improve the efficiency of those nodes. A data fusion method based on repulsive theory-Dempster/Shafer (PSORT-DS) is used to handle multi-source alarm information, and this fusion method lowers the false alarm rate. Compared with the improved Dempster/Shafer (DS) theoretical method based on particle swarm optimization (PSO) and the classical DS evidence theoretical method, the proposed model reduces the false alarm rate by 3% and 7%, respectively, while the detection rate increases by 4% and 16%, respectively.
