Collaborative Attack Detection in High-Speed Networks
نویسندگان
چکیده
We present a multi-agent system designed to detect malicious traffic in high-speed networks. In order to match the performance requirements related to the traffic volume, the network traffic data is acquired by hardware accelerated probes in NetFlow format and preprocessed before processing by the detection agent. The proposed detection algorithm is based on extension of trust modeling techniques with representation of uncertain identities, context representation and implicit assumption that significant traffic anomalies are a result of potentially malicious action. In order to model the traffic, each of the cooperating agents uses an existing anomaly detection method, that are then correlated using a reputation mechanism. The output of the detection layer is presented to operator by a dedicated analyst interface agent, which retrieves additional information to facilitate incident analysis. Our performance results illustrate the potential of the combination of high-speed hardware with cooperative detection algorithms and advanced analyst interface.
منابع مشابه
Secure Collaborative Spectrum Sensing in the Presence of Primary User Emulation Attack in Cognitive Radio Networks
Collaborative Spectrum Sensing (CSS) is an effective approach to improve the detection performance in Cognitive Radio (CR) networks. Inherent characteristics of the CR have imposed some additional security threats to the networks. One of the common threats is Primary User Emulation Attack (PUEA). In PUEA, some malicious users try to imitate primary signal characteristics and defraud the CR user...
متن کاملAlert correlation and prediction using data mining and HMM
Intrusion Detection Systems (IDSs) are security tools widely used in computer networks. While they seem to be promising technologies, they pose some serious drawbacks: When utilized in large and high traffic networks, IDSs generate high volumes of low-level alerts which are hardly manageable. Accordingly, there emerged a recent track of security research, focused on alert correlation, which ext...
متن کاملA New Intrusion Detection System to deal with Black Hole Attacks in Mobile Ad Hoc Networks
By extending wireless networks and because of their different nature, some attacks appear in these networks which did not exist in wired networks. Security is a serious challenge for actual implementation in wireless networks. Due to lack of the fixed infrastructure and also because of security holes in routing protocols in mobile ad hoc networks, these networks are not protected against attack...
متن کاملA two-phase wormhole attack detection scheme in MANETs
Mobile ad-hoc networks (MANETs) have no fixed infrastructure, so all network operations such as routing and packet forwarding are done by the nodes themselves. However, almost all common existing routing protocols basically focus on performance measures regardless of security issues. Since these protocols consider all nodes to be trustworthy, they are prone to serious security threats. Wormhole...
متن کاملA Lightweight Intrusion Detection System Based on Specifications to Improve Security in Wireless Sensor Networks
Due to the prevalence of Wireless Sensor Networks (WSNs) in the many mission-critical applications such as military areas, security has been considered as one of the essential parameters in Quality of Service (QoS), and Intrusion Detection System (IDS) is considered as a fundamental requirement for security in these networks. This paper presents a lightweight Intrusion Detection System to prote...
متن کامل