A Decentralized Bayesian Attack Detection Algorithm for Network Security
نویسندگان
چکیده
Decentralized detection has been an active area of research since the late 1970s. Its earlier application area has been distributed radar systems, and more recently it has found applications in sensor networks and intrusion detection. The most popular decentralized detection network structure is the parallel configuration, where a number of sensors are directly connected to a fusion center. The sensors receive measurements related to an event and then send summaries of their observations to the fusion center. Previous work has focused on separate optimization of the quantization rules at the sensors and the fusion rule at the fusion center or on asymptotic results when the number of sensors is very large and the observations are conditionally independent and identically distributed given each hypothesis. In this work, we examine the application of decentralized detection to intrusion detection with again the parallel configuration, but with joint optimization. Particularly, using the Bayesian approach, we seek a joint optimization of the quantization rules at the sensors and the fusion rule at the fusion center. The observations of the sensors are not assumed to be conditionally independent nor identically distributed. We consider the discrete case where the distributions of the observations are given as probability mass functions. We propose a search algorithm for the optimal solution. Simulations carried out using the KDD’99 intrusion detection dataset show that the algorithm performs well. Kien C. Nguyen Department of Electrical and Computer Engineering and the Coordinated Science Laboratory, University of Illinois at Urbana-Champaign, 1308 W Main St., Urbana, IL 61801, USA, e-mail: [email protected] Tansu Alpcan Deutsche Telekom Laboratories, Ernst-Reuter-Platz 7, D-10587 Berlin, Germany, e-mail: [email protected] Tamer Başar Department of Electrical and Computer Engineering and the Coordinated Science Laboratory, University of Illinois at Urbana-Champaign, 1308 W Main St., Urbana, IL 61801, USA, e-mail: [email protected]
منابع مشابه
A New Method for Intrusion Detection Using Genetic Algorithm and Neural network
Abstract— In order to provide complete security in a computer system and to prevent intrusion, intrusion detection systems (IDS) are required to detect if an attacker crosses the firewall, antivirus, and other security devices. Data and options to deal with it. In this paper, we are trying to provide a model for combining types of attacks on public data using combined methods of genetic algorit...
متن کاملMHIDCA: Multi Level Hybrid Intrusion Detection and Continuous Authentication for MANET Security
Mobile ad-hoc networks have attracted a great deal of attentions over the past few years. Considering their applications, the security issue has a great significance in them. Security scheme utilization that includes prevention and detection has the worth of consideration. In this paper, a method is presented that includes a multi-level security scheme to identify intrusion by sensors and authe...
متن کاملA Mechanism for Detecting and Identifying DoS attack in VANET
VANET (Vehicular Ad-hoc Network) which is a hy- brid network (combination of infrastructure and infra- structure-less networks) is an emergent technology with promising future as well as great challenges especially in security. By the other hand this type of network is very sensible to safety problem. This paper focuses on a new mechanism for DoS (denial of service) attacks on the physical and ...
متن کاملNeural Network Based Protection of Software Defined Network Controller against Distributed Denial of Service Attacks
Software Defined Network (SDN) is a new architecture for network management and its main concept is centralizing network management in the network control level that has an overview of the network and determines the forwarding rules for switches and routers (the data level). Although this centralized control is the main advantage of SDN, it is also a single point of failure. If this main contro...
متن کاملAlert correlation and prediction using data mining and HMM
Intrusion Detection Systems (IDSs) are security tools widely used in computer networks. While they seem to be promising technologies, they pose some serious drawbacks: When utilized in large and high traffic networks, IDSs generate high volumes of low-level alerts which are hardly manageable. Accordingly, there emerged a recent track of security research, focused on alert correlation, which ext...
متن کامل