Abstract
We consider a Cooperative Intrusion Detection System (CIDS), a distributed IDS based on an Artificial Immune System (AIS) in which nodes collaborate over a peer-to-peer overlay network. The AIS uses the negative selection algorithm to select detectors (e.g., vectors of features such as CPU utilization, memory usage and network activity). For the best detection performance, a node would hold all possible detectors, but this may not be feasible because of storage and computational overheads. Limiting the number of detectors, on the other hand, carries the risk of missing attacks. We present a scheme for the controlled and decentralized division of detector sets in which each IDS is assigned a region of the feature space, and we investigate the trade-off between scalability and robustness of the detector sets. We address the problem of self-organization in CIDS so that each node generates a distinct set of detectors, maximizing coverage of the feature space, while pairs of nodes exchange their detector sets to provide a controlled level of redundancy. Our contribution is twofold. First, we use deterministic techniques from combinatorial design theory and graph theory, namely Symmetric Balanced Incomplete Block Designs, Generalized Quadrangles and Ramanujan expander graphs, to decide how many and which detectors are exchanged between which pairs of IDS nodes. Second, we use a classical epidemic model (the SIR model) to show how the properties of these deterministic techniques can help reduce the attack spread rate.
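As an added illustration (not the paper's own code) of how a symmetric BIBD fixes how many and which detectors two nodes share: the projective plane PG(2,q) over a prime q is a symmetric (q^2+q+1, q+1, 1) design, so treating its points as detector regions and its lines as IDS nodes gives q^2+q+1 nodes that each hold only q+1 regions, any two of which share exactly one region, while every region is replicated on q+1 nodes. The construction, the parameter check and the coverage-after-failure helper are assumptions of this example; the paper's actual design parameters are not given on this page.

```python
# Added illustration (not the paper's code): SBIBD detector assignment via PG(2,q).
from itertools import product

def projective_points(q):
    """Canonical point representatives of PG(2,q), q prime: the first
    nonzero coordinate is scaled to 1 so each point appears once."""
    points = []
    for x, y, z in product(range(q), repeat=3):
        if (x, y, z) == (0, 0, 0):
            continue
        lead = next(c for c in (x, y, z) if c != 0)
        inv = pow(lead, -1, q)  # modular inverse (Python 3.8+)
        canon = tuple((c * inv) % q for c in (x, y, z))
        if canon not in points:
            points.append(canon)
    return points

def assign_detectors(q):
    """Node i gets the detector regions on line i of PG(2,q), where line
    (a,b,c) = {points with a*x + b*y + c*z = 0 mod q}. This is a symmetric
    (q^2+q+1, q+1, 1) BIBD: q^2+q+1 nodes, q+1 regions each, any two
    nodes share exactly one region, every region sits on q+1 nodes."""
    points = projective_points(q)
    index = {p: i for i, p in enumerate(points)}
    return [frozenset(index[(x, y, z)] for (x, y, z) in points
                      if (a * x + b * y + c * z) % q == 0)
            for (a, b, c) in points]

def shared_detectors(assign, i, j):
    """Regions held by both node i and node j (what the pair exchanges)."""
    return assign[i] & assign[j]

def design_parameters(assign):
    """(v, b, k, lambda, r): regions, nodes, regions per node, regions
    shared by any pair, nodes holding each region. Errors unless SBIBD."""
    regions = set().union(*assign)
    v, b = len(regions), len(assign)
    ks = {len(blk) for blk in assign}
    lams = {len(assign[i] & assign[j]) for i in range(b) for j in range(i + 1, b)}
    rs = {sum(d in blk for blk in assign) for d in regions}
    if len(ks) != 1 or len(lams) != 1 or len(rs) != 1:
        raise ValueError("assignment is not a symmetric BIBD")
    return v, b, ks.pop(), lams.pop(), rs.pop()

def coverage_after_failure(assign, failed):
    """Regions still held by a surviving node. With replication r, any
    r-1 node failures keep every region covered."""
    alive = [blk for i, blk in enumerate(assign) if i not in failed]
    return len(set().union(*alive)) if alive else 0
```

Per-node storage grows as q+1 while the covered feature space grows as q^2+q+1, which is the scalability side of the trade-off; the replication factor r = q+1 is the robustness side.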
© 2007 Springer-Verlag Berlin Heidelberg
Bye, R., Luther, K., Çamtepe, S.A., Alpcan, T., Albayrak, Ş., Yener, B. (2007). Decentralized Detector Generation in Cooperative Intrusion Detection Systems. In: Masuzawa, T., Tixeuil, S. (eds) Stabilization, Safety, and Security of Distributed Systems. SSS 2007. Lecture Notes in Computer Science, vol 4838. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-76627-8_6
DOI: https://doi.org/10.1007/978-3-540-76627-8_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-76626-1
Online ISBN: 978-3-540-76627-8