Adaptive machine learning-based alarm reduction via edge computing for distributed intrusion detection systems

To protect assets and resources from being compromised, intrusion detection systems are widely deployed in organizations around the world. However, false alarms remain a challenging issue for such systems: they significantly degrade detection effectiveness and greatly increase the analysis burden. To address this problem, building an intelligent false alarm filter from machine learning classifiers is considered a promising solution, in which an appropriate algorithm is selected adaptively so that filtration accuracy is maintained as alarm data change. With cloud computing, the task of adaptive algorithm selection can be offloaded to the cloud, but this introduces communication delay and additional load. In this work, motivated by the advent of edge computing, we propose a framework that improves intelligent false alarm reduction for distributed intrusion detection systems (DIDS) by placing the selection and filtering on edge computing devices. Our framework provides energy efficiency, since data are processed at the edge with a shorter response time. The evaluation results demonstrate that our framework reduces both the workload of the central server and the delay, compared with similar studies.
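The following Python program is an added example, not code from the paper or its authors. It illustrates the mechanism the abstract describes: several candidate classifiers are trained on labelled alarms, the one with the best accuracy on a held-out set is selected adaptively, and the selected filter then runs at the edge node so that only alarms it classifies as genuine are forwarded to the central server. The alarm records, the three features (signature class, source zone, repeat-count bucket), and the three candidate classifiers are all constructed for this example and are not the paper's dataset or algorithms (the paper does not state which classifiers it evaluated).

```python
"""Adaptive false-alarm filter with edge-side classifier selection (constructed example)."""
import math
from collections import Counter, defaultdict

# Each alarm is (features, label); label True means a genuine intrusion,
# False means a false alarm. The features and records are constructed.
FEATURE_NAMES = ("signature_class", "source_zone", "repeat_bucket")

TRAIN = [
    (("scan", "internal", "low"), False), (("scan", "internal", "high"), False),
    (("policy", "internal", "low"), False), (("policy", "internal", "high"), False),
    (("scan", "external", "low"), False), (("policy", "external", "low"), False),
    (("scan", "external", "high"), True), (("exploit", "external", "high"), True),
    (("exploit", "external", "low"), True), (("exploit", "internal", "low"), True),
    (("exploit", "internal", "high"), True), (("policy", "external", "high"), True),
    (("scan", "internal", "low"), False), (("exploit", "external", "high"), True),
    (("scan", "external", "low"), False), (("policy", "internal", "low"), False),
]
HOLDOUT = [
    (("scan", "internal", "low"), False), (("exploit", "external", "high"), True),
    (("policy", "internal", "high"), False), (("exploit", "internal", "low"), True),
    (("scan", "external", "high"), True), (("policy", "external", "low"), False),
    (("scan", "external", "low"), False), (("exploit", "external", "low"), True),
]
# A constructed stream of new alarms arriving at the edge node (unlabelled).
STREAM = [("scan", "internal", "low"), ("exploit", "external", "high"),
          ("policy", "internal", "low"), ("scan", "external", "high")]


class NaiveBayesFilter:
    """Categorical Naive Bayes with Laplace (add-one) smoothing."""
    name = "naive_bayes"

    def fit(self, data):
        self.total = len(data)
        self.class_counts = Counter(label for _, label in data)
        self.values = [set() for _ in FEATURE_NAMES]      # distinct values per feature
        self.feature_counts = defaultdict(Counter)         # (label, i) -> value counts
        for features, label in data:
            for i, v in enumerate(features):
                self.values[i].add(v)
                self.feature_counts[(label, i)][v] += 1
        return self

    def predict(self, features):
        best, best_score = None, -math.inf
        for label, n_c in self.class_counts.items():
            score = math.log(n_c / self.total)             # log prior
            for i, v in enumerate(features):
                count = self.feature_counts[(label, i)][v]
                score += math.log((count + 1) / (n_c + len(self.values[i])))
            if score > best_score:
                best, best_score = label, score
        return best


class KNNFilter:
    """k-nearest neighbours using Hamming distance over categorical features."""
    name = "knn_hamming"

    def __init__(self, k=3):
        self.k = k

    def fit(self, data):
        self.data = list(data)
        return self

    def predict(self, features):
        def hamming(idx):
            return sum(a != b for a, b in zip(features, self.data[idx][0]))
        ranked = sorted(range(len(self.data)), key=lambda idx: (hamming(idx), idx))
        votes = Counter(self.data[idx][1] for idx in ranked[: self.k])
        return votes.most_common(1)[0][0]


class MajorityFilter:
    """Baseline that always predicts the most frequent training label."""
    name = "majority_class"

    def fit(self, data):
        self.label = Counter(label for _, label in data).most_common(1)[0][0]
        return self

    def predict(self, features):
        return self.label


def accuracy(model, data):
    return sum(model.predict(f) == label for f, label in data) / len(data)


def select_filter(train, holdout):
    """Adaptive algorithm selection: train every candidate, keep the most accurate."""
    candidates = [NaiveBayesFilter(), KNNFilter(), MajorityFilter()]
    scores = {m.name: accuracy(m.fit(train), holdout) for m in candidates}
    best = max(candidates, key=lambda m: scores[m.name])
    return best, scores


def edge_filter(model, alarms):
    """Run the selected filter at the edge: forward likely-genuine alarms only."""
    forwarded = [a for a in alarms if model.predict(a)]
    return forwarded, len(alarms) - len(forwarded)


if __name__ == "__main__":
    best, scores = select_filter(TRAIN, HOLDOUT)
    print("holdout accuracy per candidate:", scores, "-> selected:", best.name)
    forwarded, suppressed = edge_filter(best, STREAM)
    print(f"forwarded {len(forwarded)} alarms to the central server, suppressed {suppressed}")
```

The selection step and the filtering step are deliberately separate functions: in the framework the abstract outlines, both run on the edge device, and the central server only receives the forwarded alarms, which is where the reduction in server workload and round-trip delay comes from. Re-running `select_filter` on a fresh labelled batch is the adaptive part; if the traffic mix shifts so that another candidate scores higher, the edge node switches filters without any change on the server side.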
