Abstract
To prevent and monitor the unauthorized usage of data access, security on the network is implemented by authenticating the data. Network intrusion detection system monitors the network traffic and measures the information to identify the suspicious activities. In distributed networks, the network administrator has to authorize the user data access. When large data set is concerned in network applications the two complex issues to be solved are the organization of information and decision making. To address these issues, a space efficient data structure, called the bloom filter is used which effectively organizes and decides the presence of reliability. However, using advanced filtering techniques, the intruders easily hack the authorized data for unauthorized operations. At the same time, when processing the information, it is difficult to access the data in a secured manner using the standard bloom filters. To enhance the security over the user data access from the intruders, an enhanced bloom filter technique is presented to represent the large set of data in secure manner applied in distributed applications like web caching, peer networks etc. Additionally, to restrict the unauthorized access over the dataset from malicious activities by intruders, the enhanced bloom filter is applied with an upper bound on the false-positive probability by increasing its capacity as the packet data size increases. The occurrence of network data traffic is cleared by mapping the set of data elements to the appropriate setting in the database using hash functions, minimizing the number of resets created and at the same time improving the mean hit ratio. An experimental evaluation is done with the KDD cup 1999 dataset extracted from UCI repository to estimate the performance of the proposed link-based mapping for network intrusion detection system with enhanced bloom filters. Performance evaluation is measured in terms of false positive probability, false negative probability, mean hit ratio, scalability, number of resets created and security. The experimental results reveals that security over the packet data achieves 42.5 % higher against existing dynamic bloom filter approach.
Similar content being viewed by others
References
Rottenstreich, O., Kanizo, Y., & Keslassy, I. The variable-increment counting bloom filter. Technical Report TR11-05, COMNET, TECHNION, Isreeal.
Mitzenmacher, M. (2002). Compressed bloom filters. IEEE/ACM Transactions on Networking, 10(5), 604–612.
Cohen, S., & Matias, Y. (2003). Spectral bloom filters. SIGMOD 2003, June 9–12, 2003, San Diego, CA. Copyright 2003, ACM.
Kirsch, A., & Mitzenmacher, M. (2006). Distance-sensitive bloom filters. In Proceedings of the Eighth Workshop on Algorithm Engineering and Experiments, 21 January 2006 (ALENEX 2006) (pp. 41–50). Miami: SIAM.
Xie, K., Min, Y., Zhang, D., & Xie, G. (2005). Basket bloom filters for membership queries. TENCON 2005 2005 IEEE Region, 10, 21–24. doi:10.1109/TENCON.2005.301258.
Kundu, S. R., Pal, S., Basu, K., & Das, S. K. (2009). An architectural framework for accurate characterization of network traffic. IEEE Transactions on Parallel and Distributed Systems, 20(1), 111–123.
Yoon, M. (2010). Aging bloom filter with two active buffers for dynamic sets. IEEE Transactions on Knowledge and Data Engineering, 22, 134–138.
Hua, Y., Xiao, B., Veeravalli, B., & Feng, D. (2012). Locality-sensitive bloom filter for approximate membership query. IEEE Transactions on Computers, 61(6), 817–830.
Guo, D., Wu, J., Chen, H., Yuan, Y., & Luo, X. (2010). The dynamic bloom filters. IEEE Transactions on Knowledge and Data Engineering, 22(1), 120–133.
Laufer, R. P., et al. (2011). A generalized bloom filter to secure distributed network applications. Computer Networks, 55, 1804–1819.
Bloom, B. (1970). Space/time trade-offs in hash coding with allowable errors. ACM, 13(7), 422–426.
Carter, J. L., & Wegman, M. (1979). Universal classes of hash functions. Journal of Computer and System Sciences, 18(2), 143–154.
Itani, W., Ghali, C., El Hajj, A., & Kayssi, A. (2010). SinPack: A security protocol for preventing pollution attacks in network-coded content distribution networks. In IEEE Global Telecommunications Conference (GLOBECOM 2010).
Antikainen, M., Aura, T., & Sarela. M. (2013). Denial-of-service attacks in bloom-filter-based forwarding. Transactions on Networking, IEEE/ACM, 3(99), 1463–1476.
Paynter, M., & Kocak, T. (2008). Fully pipelined bloom filter architecture. IEEE Communications Letters, 12(11), 855–857.
Kocak, T., & Kaya, I. (2006). Low-power bloom filter architecture for deep packet inspection. Communications Letters, IEEE, 10(3), 210–212.
Moreira, M. D. D. (2012). Capacity and robustness tradeoffs in bloom filters for distributed applications. IEEE Transactions on Parallel and Distributed Systems, 23(12), 2219–2230.
Li, Y.-Z. (2009). Memory efficient parallel bloom filters for string matching. In International Conference on Networks Security, Wireless Communications and Trusted Computing, 2009. NSWCTC’09.
Ding, Y. (2009). A novel call admission control routing mechanism using bloom filter in MANET. In International Conference on Networks Security, Wireless Communications and Trusted Computing, 2009. NSWCTC’09.
Saravanan, K., & Senthilkumar, A. (2013). FPGA implementation of secure authentication in WiMAX networks using modified WiMAX bloom filter: A hardware approach. Journal of Discrete Mathematical Sciences and Cryptography, Taylor and Francis, 16(6), 393–404.
Dharmapurikar, S., Krishnamurthy, P., Sproull, T., & Lockwood, J. W. (2004). Deep packet inspection using parallel bloom filters. IEEE Micro, 24(1), 52–61.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Saravanan, K., Senthilkumar, A. Security Enhancement in Distributed Networks Using Link-Based Mapping Scheme for Network Intrusion Detection with Enhanced Bloom Filter. Wireless Pers Commun 84, 821–839 (2015). https://doi.org/10.1007/s11277-015-2662-1
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-015-2662-1