A distributed sequential algorithm for collaborative intrusion detection networks

Quanyan Zhu, Carol J. Fung, Raouf Boutaba, Tamer Başar

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Abstract

Collaborative intrusion detection networks are often used to gain better detection accuracy and cost efficiency as compared to a single host-based intrusion detection system (IDS). Through cooperation, it is possible for a local IDS to detect new attacks that may be known to other experienced acquaintances. In this paper, we present a sequential hypothesis testing method for feedback aggregation for each individual IDS in the network. Our simulation results corroborate our theoretical results and demonstrate the properties of cost efficiency and accuracy compared to other heuristic methods. The analytical result on the lower-bound of the average number of acquaintances for consultation is essential for the design and configuration of IDSs in a collaborative environment.

Original language: English (US)
Title of host publication: 2010 IEEE International Conference on Communications, ICC 2010
State: Published - 2010
Event: 2010 IEEE International Conference on Communications, ICC 2010 - Cape Town, South Africa
Duration: May 23 2010 to May 27 2010

Other

Other: 2010 IEEE International Conference on Communications, ICC 2010
Country: South Africa
City: Cape Town
Period: 5/23/10 to 5/27/10

Fingerprint

Intrusion detection
Heuristic methods
Costs
Agglomeration
Feedback
Testing

ASJC Scopus subject areas

  • Electrical and Electronic Engineering
  • Computer Networks and Communications

Cite this

Zhu, Q., Fung, C. J., Boutaba, R., & Başar, T. (2010). A distributed sequential algorithm for collaborative intrusion detection networks. In 2010 IEEE International Conference on Communications, ICC 2010 [5501981] https://doi.org/10.1109/ICC.2010.5501981

@inproceedings{586490a4cbdb460d8c8daaf1d88d459b,
title = "A distributed sequential algorithm for collaborative intrusion detection networks",
abstract = "Collaborative intrusion detection networks are often used to gain better detection accuracy and cost efficiency as compared to a single host-based intrusion detection system (IDS). Through cooperation, it is possible for a local IDS to detect new attacks that may be known to other experienced acquaintances. In this paper, we present a sequential hypothesis testing method for feedback aggregation for each individual IDS in the network. Our simulation results corroborate our theoretical results and demonstrate the properties of cost efficiency and accuracy compared to other heuristic methods. The analytical result on the lower-bound of the average number of acquaintances for consultation is essential for the design and configuration of IDSs in a collaborative environment.",
author = "Quanyan Zhu and Fung, {Carol J.} and Raouf Boutaba and Tamer Başar",
year = "2010",
doi = "10.1109/ICC.2010.5501981",
language = "English (US)",
isbn = "9781424464043",
booktitle = "2010 IEEE International Conference on Communications, ICC 2010",

}

TY - GEN

T1 - A distributed sequential algorithm for collaborative intrusion detection networks

AU - Zhu, Quanyan

AU - Fung, Carol J.

AU - Boutaba, Raouf

AU - Başar, Tamer

PY - 2010

Y1 - 2010

AB - Collaborative intrusion detection networks are often used to gain better detection accuracy and cost efficiency as compared to a single host-based intrusion detection system (IDS). Through cooperation, it is possible for a local IDS to detect new attacks that may be known to other experienced acquaintances. In this paper, we present a sequential hypothesis testing method for feedback aggregation for each individual IDS in the network. Our simulation results corroborate our theoretical results and demonstrate the properties of cost efficiency and accuracy compared to other heuristic methods. The analytical result on the lower-bound of the average number of acquaintances for consultation is essential for the design and configuration of IDSs in a collaborative environment.

UR - http://www.scopus.com/inward/record.url?scp=77955398656&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=77955398656&partnerID=8YFLogxK

U2 - 10.1109/ICC.2010.5501981

DO - 10.1109/ICC.2010.5501981

M3 - Conference contribution

SN - 9781424464043

BT - 2010 IEEE International Conference on Communications, ICC 2010

ER -