A Distributed Sequential Algorithm for Collaborative Intrusion Detection Networks

Collaborative intrusion detection networks are often used to gain better detection accuracy and cost efficiency than a single host-based intrusion detection system (IDS). Through cooperation, a local IDS can detect new attacks that may already be known to other, more experienced acquaintances. In this paper, we present a sequential hypothesis testing method for feedback aggregation for each individual IDS in the network. Our simulation results corroborate our theoretical results and demonstrate the method's cost efficiency and accuracy compared to other heuristic methods. The analytical result on the lower bound of the average number of acquaintances for consultation is essential for the design and configuration of IDSs in a collaborative environment.
