Hive oversight for network intrusion early warning using DIAMoND: a bee-inspired method for fully distributed cyber defense

Social insect colonies have survived over evolutionary time in part due to the success of their collaborative methods: using local information and distributed decision making algorithms to detect and exploit critical resources in their environment. These methods have the unusual and useful ability to detect anomalies rapidly, with very little memory, and using only very local information. Our research investigates the potential for a self-organizing anomaly detection system inspired by those observed naturally in colonies of honey bees. We provide a summary of findings from a recently presented algorithm for a nonparametric, fully distributed coordination framework that translates the biological success of these methods into analogous operations for use in cyber defense and discuss the features that inspired this translation. We explore the impacts on detection performance of the defined range of distributed communication for each node and of involving only a small percentage of total nodes in the network in the distributed detection communication. We evaluate our algorithm using a software-based testing implementation, and demonstrate up to 20 percent improvement in detection capability over parallel isolated anomaly detectors.
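To make the two knobs the abstract examines concrete (the communication range of each node and the fraction of nodes that take part in the distributed exchange), here is an added toy simulation; it is not code from the paper, and the concern-sharing rule, the threshold feedback, the ring topology and the score values are all assumptions constructed for illustration.

```python
# Toy model of neighbourhood-coupled anomaly detection on a ring of nodes. The rules are an
# assumed simplification for illustration, not DIAMoND's own logic: a node alerts when its
# score exceeds THRESHOLD; a participating node shares concern = min(score/THRESHOLD, 1) with
# participating nodes within `rng` hops and lowers its threshold by COUPLING * mean concern.
THRESHOLD = 1.0   # local detector threshold (assumed)
COUPLING = 0.3    # strength of the neighbour feedback (assumed)

def concern(score):
    return min(score / THRESHOLD, 1.0)

def ring_neighbours(i, n, rng):
    """Node ids within rng hops of i on a ring of n nodes, excluding i itself."""
    return [(i + d) % n for d in range(-rng, rng + 1) if d != 0]

def isolated_alerts(scores):
    """Baseline: every node decides alone with the fixed threshold."""
    return [s > THRESHOLD for s in scores]

def cooperative_alerts(scores, participants, rng):
    """Participating nodes adapt their threshold to neighbours' concern; others stay isolated."""
    n, alerts = len(scores), []
    for i, s in enumerate(scores):
        threshold = THRESHOLD
        if i in participants:
            peers = [j for j in ring_neighbours(i, n, rng) if j in participants]
            if peers:
                mean_concern = sum(concern(scores[j]) for j in peers) / len(peers)
                threshold = THRESHOLD * (1.0 - COUPLING * mean_concern)
        alerts.append(s > threshold)
    return alerts

def detection_rate(alerts, attacked):
    return sum(1 for i in attacked if alerts[i]) / len(attacked)

# Constructed scenario: nodes 0-5 see a weak distributed probe (0.85, under THRESHOLD),
# node 2 also sees one clear spike (1.2); nodes 6-9 see only background noise.
ATTACK_SCORES = [0.85, 0.85, 1.2, 0.85, 0.85, 0.85, 0.3, 0.3, 0.3, 0.3]
QUIET_SCORES = [0.3, 0.4, 0.2, 0.3, 0.35, 0.3, 0.25, 0.3, 0.4, 0.3]
ATTACKED = [0, 1, 2, 3, 4, 5]
ALL_NODES = set(range(10))
HALF_NODES = {0, 2, 4, 6, 8}

def run_scenarios():
    """Detection rate per configuration, plus the count of false alerts on quiet traffic."""
    return {
        "isolated": detection_rate(isolated_alerts(ATTACK_SCORES), ATTACKED),
        "all nodes, range 1": detection_rate(cooperative_alerts(ATTACK_SCORES, ALL_NODES, 1), ATTACKED),
        "half nodes, range 1": detection_rate(cooperative_alerts(ATTACK_SCORES, HALF_NODES, 1), ATTACKED),
        "half nodes, range 2": detection_rate(cooperative_alerts(ATTACK_SCORES, HALF_NODES, 2), ATTACKED),
        "quiet false alerts, all nodes": sum(cooperative_alerts(QUIET_SCORES, ALL_NODES, 1)),
    }
```

With every node participating, the weak probe seen by six nodes is caught at all six, while the isolated detectors raise it only at the one node with a clear spike; with half the nodes participating, a range of one hop leaves no two participants adjacent and cooperation adds nothing, whereas a range of two hops recovers half of the affected nodes.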
