Fuzzy Optimization for Security Sensors Deployment in Collaborative Intrusion Detection System

This paper examines where Network-based Intrusion Detection Systems should be deployed and proposes “Distributed Network Security Sensors” (DSS), distributed among the nodes of the internal network to monitor traffic. We study the tradeoff between cost and monitoring coverage to determine the positions and processing rates of the sensors. To handle the uncertain nature of flow, we build fuzzy expected value optimization models and develop a hybrid intelligent algorithm to obtain the deployment strategy. In experiments on actual and synthesized network topologies, we observe that a small number of low-speed sensors is sufficient to maintain high monitoring coverage. The experiments also show that deploying DSS is much more efficient in larger topologies.
