Decentralized Detector Generation in Cooperative Intrusion Detection Systems

Abstract

We consider Cooperative Intrusion Detection System (CIDS) which is a distributed AIS-based (Artificial Immune System) IDS where nodes collaborate over a peer-to-peer overlay network. The AIS uses the negative selection algorithm for the selection of detectors (e.g., vectors of features such as CPU utilization, memory usage and network activity). For better detection performance, selection of all possible detectors for a node is desirable but it may not be feasible due to storage and computational overheads. Limiting the number of detectors on the other hand comes with the danger of missing attacks. We present a scheme for the controlled and decentralized division of detector sets where each IDS is assigned to a region of the feature space. We investigate the trade-off between scalability and robustness of detector sets. We address the problem of self-organization in CIDS so that each node generates a distinct set of the detectors to maximize the coverage of the feature space while pairs of nodes exchange their detector sets to provide a controlled level of redundancy. Our contribution is twofold. First, we use Symmetric Balanced Incomplete Block Design, Generalized Quadrangles and Ramanujan Expander Graph based deterministic techniques from combinatorial design theory and graph theory to decide how many and which detectors are exchanged between which pair of IDS nodes. Second, we use a classical epidemic model (SIR model) to show how properties from deterministic techniques can help us to reduce the attack spread rate.

@INPROCEEDINGS{bye:2007,
  author = {Rainer Bye and Katja Luther and Seyit Ahmet c{C}amtepe and Tansu
	Alpcan and c{S}ahin Albayrak and B{"u}lent Yener},
  title = {Decentralized Detector Generation in Cooperative Intrusion Detection
	Systems},
  booktitle = {Stabilization, Safety, and Security of Distributed Systems	
	9th International Symposium, SSS 2007 Paris, France, November 14-16,
	2007 Proceedings},
  year = {2007},
  editor = {Masuzawa, Toshimitsu; Tixeuil, Sébastien},
  series = {Lecture Notes in Computer Science , Vol. 4838},
  publisher = {Springer},
  keywords = {Theoretical Computer Science and General Issues},
  owner = {rainer},
  timestamp = {2007.10.22}
}
Autoren:
Rainer Bye, Katja Luther, Seyit Ahmet Camtepe, Tansu Alpcan, Sahin Albayrak, Bülent Yener
Kategorie:
Tagungsbeitrag
Jahr:
2007
Ort:
Lecture Notes in Computer Science , Vol. 4838