Skip to main content
SpringerLink
Log in

Security Enhancement in Distributed Networks Using Link-Based Mapping Scheme for Network Intrusion Detection with Enhanced Bloom Filter

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

To prevent and monitor the unauthorized usage of data access, security on the network is implemented by authenticating the data. Network intrusion detection system monitors the network traffic and measures the information to identify the suspicious activities. In distributed networks, the network administrator has to authorize the user data access. When large data set is concerned in network applications the two complex issues to be solved are the organization of information and decision making. To address these issues, a space efficient data structure, called the bloom filter is used which effectively organizes and decides the presence of reliability. However, using advanced filtering techniques, the intruders easily hack the authorized data for unauthorized operations. At the same time, when processing the information, it is difficult to access the data in a secured manner using the standard bloom filters. To enhance the security over the user data access from the intruders, an enhanced bloom filter technique is presented to represent the large set of data in secure manner applied in distributed applications like web caching, peer networks etc. Additionally, to restrict the unauthorized access over the dataset from malicious activities by intruders, the enhanced bloom filter is applied with an upper bound on the false-positive probability by increasing its capacity as the packet data size increases. The occurrence of network data traffic is cleared by mapping the set of data elements to the appropriate setting in the database using hash functions, minimizing the number of resets created and at the same time improving the mean hit ratio. An experimental evaluation is done with the KDD cup 1999 dataset extracted from UCI repository to estimate the performance of the proposed link-based mapping for network intrusion detection system with enhanced bloom filters. Performance evaluation is measured in terms of false positive probability, false negative probability, mean hit ratio, scalability, number of resets created and security. The experimental results reveals that security over the packet data achieves 42.5 % higher against existing dynamic bloom filter approach.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10

Similar content being viewed by others

References

  1. Rottenstreich, O., Kanizo, Y., & Keslassy, I. The variable-increment counting bloom filter. Technical Report TR11-05, COMNET, TECHNION, Isreeal.

  2. Mitzenmacher, M. (2002). Compressed bloom filters. IEEE/ACM Transactions on Networking, 10(5), 604–612.

  3. Cohen, S., & Matias, Y. (2003). Spectral bloom filters. SIGMOD 2003, June 9–12, 2003, San Diego, CA. Copyright 2003, ACM.

  4. Kirsch, A., & Mitzenmacher, M. (2006). Distance-sensitive bloom filters. In Proceedings of the Eighth Workshop on Algorithm Engineering and Experiments, 21 January 2006 (ALENEX 2006) (pp. 41–50). Miami: SIAM.

  5. Xie, K., Min, Y., Zhang, D., & Xie, G. (2005). Basket bloom filters for membership queries. TENCON 2005 2005 IEEE Region, 10, 21–24. doi:10.1109/TENCON.2005.301258.

  6. Kundu, S. R., Pal, S., Basu, K., & Das, S. K. (2009). An architectural framework for accurate characterization of network traffic. IEEE Transactions on Parallel and Distributed Systems, 20(1), 111–123.

  7. Yoon, M. (2010). Aging bloom filter with two active buffers for dynamic sets. IEEE Transactions on Knowledge and Data Engineering, 22, 134–138.

  8. Hua, Y., Xiao, B., Veeravalli, B., & Feng, D. (2012). Locality-sensitive bloom filter for approximate membership query. IEEE Transactions on Computers, 61(6), 817–830.

  9. Guo, D., Wu, J., Chen, H., Yuan, Y., & Luo, X. (2010). The dynamic bloom filters. IEEE Transactions on Knowledge and Data Engineering, 22(1), 120–133.

  10. Laufer, R. P., et al. (2011). A generalized bloom filter to secure distributed network applications. Computer Networks, 55, 1804–1819.

  11. Bloom, B. (1970). Space/time trade-offs in hash coding with allowable errors. ACM, 13(7), 422–426.

    Article  MATH  Google Scholar 

  12. Carter, J. L., & Wegman, M. (1979). Universal classes of hash functions. Journal of Computer and System Sciences, 18(2), 143–154.

    Article  MATH  MathSciNet  Google Scholar 

  13. Itani, W., Ghali, C., El Hajj, A., & Kayssi, A. (2010). SinPack: A security protocol for preventing pollution attacks in network-coded content distribution networks. In IEEE Global Telecommunications Conference (GLOBECOM 2010).

  14. Antikainen, M., Aura, T., & Sarela. M. (2013). Denial-of-service attacks in bloom-filter-based forwarding. Transactions on Networking, IEEE/ACM, 3(99), 1463–1476.

  15. Paynter, M., & Kocak, T. (2008). Fully pipelined bloom filter architecture. IEEE Communications Letters, 12(11), 855–857.

  16. Kocak, T., & Kaya, I. (2006). Low-power bloom filter architecture for deep packet inspection. Communications Letters, IEEE, 10(3), 210–212.

  17. Moreira, M. D. D. (2012). Capacity and robustness tradeoffs in bloom filters for distributed applications. IEEE Transactions on Parallel and Distributed Systems, 23(12), 2219–2230.

  18. Li, Y.-Z. (2009). Memory efficient parallel bloom filters for string matching. In International Conference on Networks Security, Wireless Communications and Trusted Computing, 2009. NSWCTC’09.

  19. Ding, Y. (2009). A novel call admission control routing mechanism using bloom filter in MANET. In International Conference on Networks Security, Wireless Communications and Trusted Computing, 2009. NSWCTC’09.

  20. Saravanan, K., & Senthilkumar, A. (2013). FPGA implementation of secure authentication in WiMAX networks using modified WiMAX bloom filter: A hardware approach. Journal of Discrete Mathematical Sciences and Cryptography, Taylor and Francis, 16(6), 393–404.

    Article  MathSciNet  Google Scholar 

  21. Dharmapurikar, S., Krishnamurthy, P., Sproull, T., & Lockwood, J. W. (2004). Deep packet inspection using parallel bloom filters. IEEE Micro, 24(1), 52–61.

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Electronics and Communication Engineering, Christian Institute for Technical Education, Oddanchatram, Tamilnadu, India

    K. Saravanan

  2. Department of Electrical and Electronics Engineering, Dr. Mahalingam College of Engineering and Technology, Pollachi, Tamilnadu, India

    A. Senthilkumar

Authors
  1. K. Saravanan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. A. Senthilkumar
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to K. Saravanan.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Saravanan, K., Senthilkumar, A. Security Enhancement in Distributed Networks Using Link-Based Mapping Scheme for Network Intrusion Detection with Enhanced Bloom Filter. Wireless Pers Commun 84, 821–839 (2015). https://doi.org/10.1007/s11277-015-2662-1

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-015-2662-1

Keywords

Search

Navigation