SMURFEN: A system framework for rule sharing collaborative intrusion detection

Carol Fung, Quanyan Zhu, Raouf Boutaba, Tamer Basar

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Abstract

Intrusion Detection Systems (IDSs) are designed to monitor network traffic and computer activities in order to alert users about suspicious intrusions. Collaboration among IDSs allows users to benefit from the collective knowledge and information from their collaborators and achieve more accurate intrusion detection. However, most existing collaborative intrusion detection networks rely on the exchange of intrusion data which raises privacy concerns. To overcome this problem, we propose SMURFEN: a Rule Sharing intrusion detection network, which provides a platform for IDS users to effectively share their customized detection knowledge in an IDS community. An automatic rule propagation mechanism is proposed based on a decentralized two-level optimization problem formulation. We evaluate our rule sharing system through simulations and compare our results to existing knowledge sharing methods such as random gossiping and fixed neighbors sharing schemes.

Original language: English (US)
Title of host publication: 2011 7th International Conference on Network and Service Management, CNSM 2011
State: Published - 2011
Event: 2011 7th International Conference on Network and Service Management, CNSM 2011 - Paris, France
Duration: Oct 24 2011 to Oct 28 2011


Fingerprint

Intrusion detection

ASJC Scopus subject areas

  • Computer Networks and Communications

Cite this

Fung, C., Zhu, Q., Boutaba, R., & Basar, T. (2011). SMURFEN: A system framework for rule sharing collaborative intrusion detection. In 2011 7th International Conference on Network and Service Management, CNSM 2011 [6104003]

@inproceedings{86e4362fc51e4dae8d440773e15d5398,
title = "SMURFEN: A system framework for rule sharing collaborative intrusion detection",
abstract = "Intrusion Detection Systems (IDSs) are designed to monitor network traffic and computer activities in order to alert users about suspicious intrusions. Collaboration among IDSs allows users to benefit from the collective knowledge and information from their collaborators and achieve more accurate intrusion detection. However, most existing collaborative intrusion detection networks rely on the exchange of intrusion data which raises privacy concerns. To overcome this problem, we propose SMURFEN: a Rule Sharing intrusion detection network, which provides a platform for IDS users to effectively share their customized detection knowledge in an IDS community. An automatic rule propagation mechanism is proposed based on a decentralized two-level optimization problem formulation. We evaluate our rule sharing system through simulations and compare our results to existing knowledge sharing methods such as random gossiping and fixed neighbors sharing schemes.",
author = "Carol Fung and Quanyan Zhu and Raouf Boutaba and Tamer Basar",
year = "2011",
language = "English (US)",
isbn = "9781457715884",
booktitle = "2011 7th International Conference on Network and Service Management, CNSM 2011"
}

TY - GEN

T1 - SMURFEN

T2 - A system framework for rule sharing collaborative intrusion detection

AU - Fung, Carol

AU - Zhu, Quanyan

AU - Boutaba, Raouf

AU - Basar, Tamer

PY - 2011

Y1 - 2011

AB - Intrusion Detection Systems (IDSs) are designed to monitor network traffic and computer activities in order to alert users about suspicious intrusions. Collaboration among IDSs allows users to benefit from the collective knowledge and information from their collaborators and achieve more accurate intrusion detection. However, most existing collaborative intrusion detection networks rely on the exchange of intrusion data which raises privacy concerns. To overcome this problem, we propose SMURFEN: a Rule Sharing intrusion detection network, which provides a platform for IDS users to effectively share their customized detection knowledge in an IDS community. An automatic rule propagation mechanism is proposed based on a decentralized two-level optimization problem formulation. We evaluate our rule sharing system through simulations and compare our results to existing knowledge sharing methods such as random gossiping and fixed neighbors sharing schemes.

UR - http://www.scopus.com/inward/record.url?scp=84855735622&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84855735622&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:84855735622

SN - 9781457715884

BT - 2011 7th International Conference on Network and Service Management, CNSM 2011

ER -