A cooperative approach with improved performance for a global intrusion detection systems for internet service providers

Typical perimeter-based intrusion detection systems do not provide the user with the necessary preventive protection measures. In addition, many of the available solutions still need to improve their true-positive detection rates and reduce the proportion of false-positive alarms. Internet service providers that rely on this type of device to defend their assets and subscribers against malicious traffic may therefore be led by it to make incorrect decisions. In this paper, we propose a global intrusion detection system, based upon the BGP protocol, that establishes a cooperative federation whose members are distributed autonomous intrusion detection elements. These elements are able to propagate alarms about potentially threatening flows traversing their respective autonomous systems. We present the architecture for the described approach and an analytical model based upon Dempster-Shafer's combination rule, in order to evaluate specific performance metrics. The results show significant improvements over the assessed metrics, highlighting the advantage of using the proposed solution as a frontline to prevent cyberattacks.
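To make the fusion step concrete, the following added example (not code from the paper) applies Dempster's combination rule to alarms that two autonomous IDS elements, here labelled for autonomous systems AS1 and AS2, have raised about the same flow. The frame of discernment, the element names and the mass values are constructed assumptions; the belief in "attack" after fusion exceeds what either element reported alone, which is the effect the analytical model measures.

```python
from itertools import product
from typing import Dict, FrozenSet, List

# Frame of discernment for one flow: it is either an attack or benign.
ATTACK = frozenset({"attack"})
BENIGN = frozenset({"benign"})
THETA = ATTACK | BENIGN            # uncommitted mass: "cannot tell"

Mass = Dict[FrozenSet[str], float]  # basic belief assignment (masses sum to 1)


def combine(m1: Mass, m2: Mass) -> Mass:
    """Dempster's rule: fuse two basic belief assignments over the same frame.
    Mass on disjoint focal sets is conflict K and is renormalised away."""
    fused: Mass = {}
    conflict = 0.0
    for (x, mx), (y, my) in product(m1.items(), m2.items()):
        z = x & y
        if not z:
            conflict += mx * my
        else:
            fused[z] = fused.get(z, 0.0) + mx * my
    if conflict >= 1.0 - 1e-12:
        raise ValueError("total conflict between sources; rule is undefined")
    return {z: v / (1.0 - conflict) for z, v in fused.items()}


def fuse_all(alarms: List[Mass]) -> Mass:
    """Fold the rule over every member's alarm (the rule is associative)."""
    result = alarms[0]
    for m in alarms[1:]:
        result = combine(result, m)
    return result


def belief(m: Mass, hyp: FrozenSet[str]) -> float:
    return sum(v for s, v in m.items() if s <= hyp)       # subsets of hyp


def plausibility(m: Mass, hyp: FrozenSet[str]) -> float:
    return sum(v for s, v in m.items() if s & hyp)        # sets meeting hyp


# Constructed alarms from two federation members observing the same flow.
ELEMENT_AS1: Mass = {ATTACK: 0.6, BENIGN: 0.1, THETA: 0.3}
ELEMENT_AS2: Mass = {ATTACK: 0.5, BENIGN: 0.2, THETA: 0.3}

if __name__ == "__main__":
    fused = fuse_all([ELEMENT_AS1, ELEMENT_AS2])
    print("fused masses:", {tuple(sorted(k)): round(v, 4) for k, v in fused.items()})
    print("Bel(attack) =", round(belief(fused, ATTACK), 4),
          "Pl(attack) =", round(plausibility(fused, ATTACK), 4))
```

With these masses the conflict K is 0.17, so the fused belief in "attack" is 0.63/0.83 (about 0.76), up from 0.6 and 0.5 for the individual elements.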
