
Intrusion Detection Networks

A Key to Collaborative Security, 1st Edition

By Carol Fung, Raouf Boutaba

Auerbach Publications

261 pages | 92 B/W Illus.

Purchasing Options (USD):

  • Paperback: ISBN 9781138198890, published 2017-10-12, $61.95
  • Hardback: ISBN 9781466564121, published 2013-11-19, $165.00 (currently out of stock)
  • eBook (VitalSource): ISBN 9780429099922, published 2013-11-19, from $82.50

Description

The rapidly increasing sophistication of cyber intrusions makes them increasingly difficult for any single, isolated intrusion detection system (IDS) to detect. A collaborative intrusion detection network (IDN) addresses this by connecting IDSs through an overlay network over which they exchange alerts, consultation requests, and feedback, which can dramatically improve overall detection accuracy.

Intrusion Detection Networks: A Key to Collaborative Security focuses on the design of IDNs and explains how to achieve effective and efficient collaboration between participant IDSs. Providing a complete introduction to IDSs and IDNs, it explains the benefits of building IDNs, identifies the challenges underlying their design, and outlines possible solutions to these problems. It also reviews the full range of proposed IDN solutions, analyzing their scope, topology, strengths, weaknesses, and limitations.

  • Includes a case study that examines the applicability of collaborative intrusion detection to real-world malware detection scenarios
  • Illustrates distributed IDN architecture design
  • Considers trust management, intrusion detection decision making, resource management, and collaborator management

The book provides a complete overview of network intrusions, including their potential damage and corresponding detection methods. Covering the range of existing IDN designs, it elaborates on privacy, malicious insiders, scalability, free-riders, collaboration incentives, and intrusion detection efficiency. It also provides a collection of problem solutions to key IDN design challenges and shows how you can use various theoretical tools in this context.

The text outlines comprehensive validation methodologies and metrics to help you improve efficiency of detection, robustness against malicious insiders, incentive-compatibility for all participants, and scalability in network size. It concludes by highlighting open issues and future challenges.
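The collaboration loop the description sketches (acquaintance IDSs answering consultations, trust management driven by test messages, trust-weighted feedback aggregation, and robustness against malicious insiders such as betrayers and rejoining newcomers) is shown below as an added, self-contained Python illustration. This is not code from the book: the Beta-distributed trust record (the two-outcome case of a Dirichlet model), the 0.9 forgetting factor, the 0.5 trust threshold, the 0.9/0.1 verdict encoding, and the simulated peers are assumptions chosen for the demo, not the authors' model or parameters.

```python
"""Toy collaborative intrusion detection network (IDN).

Added illustration only; it is not the book's own model or code. A requesting
IDS grades its acquaintances with test messages whose verdict it already knows,
keeps a Beta-distributed trust estimate per acquaintance, and aggregates real
consultations as a trust-weighted average. All peers, their behaviour and the
sample verdicts are constructed for the demo.
"""
from dataclasses import dataclass


@dataclass
class TrustRecord:
    """Beta(alpha, beta) belief that an acquaintance gives useful feedback.

    alpha/beta start at 1/1 (uniform prior, expected trust 0.5), so a fresh
    identity carries no weight until it earns it; this blunts a newcomer
    attack, where a discredited peer rejoins under a new name.
    """
    alpha: float = 1.0
    beta: float = 1.0

    def update(self, satisfied: bool, forgetting: float = 0.9) -> None:
        # Exponential forgetting (assumed factor 0.9): a long honest history
        # cannot shield a peer that later betrays the network.
        self.alpha *= forgetting
        self.beta *= forgetting
        if satisfied:
            self.alpha += 1.0
        else:
            self.beta += 1.0

    @property
    def value(self) -> float:
        """Expected trust, the mean of the Beta distribution."""
        return self.alpha / (self.alpha + self.beta)


class Peer:
    """Simulated acquaintance IDS with a fixed, deterministic accuracy pattern."""

    def __init__(self, name: str, correct_pattern: list, betray_after: int = None):
        self.name = name
        self.correct_pattern = correct_pattern  # cycled: True = answers correctly
        self.betray_after = betray_after        # answers wrongly from this reply on
        self.replies = 0

    def verdict(self, is_intrusion: bool) -> float:
        """Report P(intrusion) for a sample whose truth is is_intrusion."""
        correct = self.correct_pattern[self.replies % len(self.correct_pattern)]
        if self.betray_after is not None and self.replies >= self.betray_after:
            correct = False
        self.replies += 1
        # Correct peers say 0.9 for intrusions and 0.1 for benign traffic;
        # incorrect peers say the opposite.
        return 0.9 if correct == is_intrusion else 0.1


class Requester:
    """The IDS asking its acquaintances; keeps one TrustRecord per acquaintance."""

    def __init__(self, acquaintances: list, min_trust: float = 0.5):
        self.acquaintances = list(acquaintances)
        self.trust = {p.name: TrustRecord() for p in self.acquaintances}
        self.min_trust = min_trust  # must be strictly exceeded, so the 0.5 prior is out

    def add_acquaintance(self, peer: Peer) -> None:
        self.acquaintances.append(peer)
        self.trust[peer.name] = TrustRecord()

    def send_test_message(self, is_intrusion: bool) -> None:
        """Test message: the requester knows the answer, so each reply grades the peer."""
        for p in self.acquaintances:
            reply = p.verdict(is_intrusion)
            self.trust[p.name].update(satisfied=(reply > 0.5) == is_intrusion)

    def consult(self, is_intrusion: bool) -> dict:
        """Real consultation; is_intrusion only drives the simulated peers."""
        feedback = {p.name: p.verdict(is_intrusion) for p in self.acquaintances}
        weights = {n: t.value for n, t in self.trust.items() if t.value > self.min_trust}
        simple_avg = sum(feedback.values()) / len(feedback)
        if not weights:
            weighted = None  # nobody trusted yet: fall back to the local verdict
        else:
            weighted = sum(weights[n] * feedback[n] for n in weights) / sum(weights.values())
        return {
            "feedback": feedback,
            "consulted": sorted(weights),
            "simple_average": simple_avg,
            "weighted_average": weighted,
            "alarm": weighted is not None and weighted >= 0.5,
        }


def run_scenario(test_rounds: int = 20) -> tuple:
    """Alternating test messages, then a newcomer joins and one real consultation."""
    req = Requester([
        Peer("expert", [True]),                      # always right
        Peer("novice", [True, True, False]),         # right two times in three
        Peer("betrayer", [True], betray_after=10),   # honest, then turns malicious
    ])
    for i in range(test_rounds):
        req.send_test_message(is_intrusion=(i % 2 == 0))
    # An accomplice rejoins under a fresh identity (newcomer attack) and lies at
    # once; its prior trust of exactly 0.5 keeps it out of the decision.
    req.add_acquaintance(Peer("rejoined-attacker", [False]))
    result = req.consult(is_intrusion=True)
    trust = {n: round(t.value, 3) for n, t in req.trust.items()}
    return trust, result


if __name__ == "__main__":
    trust, result = run_scenario()
    print("trust:", trust)
    print("consulted:", result["consulted"])
    print("simple average %.2f, trust-weighted %.2f, alarm %s"
          % (result["simple_average"], result["weighted_average"], result["alarm"]))
```

In the scenario, a plain average over all four acquaintances lands below 0.5 and misses the intrusion, because the betrayer and the rejoined attacker outvote the expert; the trust-weighted aggregate excludes both (the betrayer's trust has decayed below the threshold, the newcomer has not risen above it) and raises the alarm. Two knobs matter in practice: the forgetting factor sets how fast a betrayal is noticed, at the cost of confidence in long-standing peers, and the test-message rate sets how much bandwidth is spent grading acquaintances rather than answering real consultations.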

Table of Contents

INTRODUCTION

CYBER INTRUSIONS AND INTRUSION DETECTION

Cyber Intrusions
  Introduction
  Overview of Cyber Intrusions
    Malware
    Vulnerabilities Exploitation
    Denial-of-Service Attack
    Web-Based Attacks
    DNS Attack
    Organized Attacks and Botnets
    Spam and Phishing
    Mobile Device Security
    Cyber Crime and Cyber Warfare
  A Taxonomy of Cyber Intrusions
  Summary

Intrusion Detection
  Intrusion Detection Systems
    Signature-Based and Anomaly-Based IDSs
    Host-Based and Network-Based IDSs
    Other Types of IDSs
    Strength and Limitations of IDSs
  Collaborative Intrusion Detection Networks
    Motivation for IDS Collaboration
    Challenges of IDS Collaboration
  Overview of Existing Intrusion Detection Networks
    Cooperation Topology
    Cooperation Scope
    Collaboration Type
    Specialization
    Cooperation Technologies and Algorithms
      Data Correlation
      Trust Management
      Load Balancing
    Taxonomy
  Selected Intrusion Detection Networks
    Indra
    DOMINO
    DShield
    NetShield
    CIDS
    Gossip
    Worminator
    ABDIAS
    CRIM
    ALPACAS
    CDDHT
    SmartScreen Filter
    CloudAV
    FFCIDN
    CMDA
  Summary

DESIGN OF AN INTRUSION DETECTION NETWORK

Collaborative Intrusion Detection Networks Architecture Design
  Introduction
  Collaboration Framework
    Network Join Process
    Consultation Requests
    Test Messages
    Communication Overlay
    Mediator
    Trust Management
    Acquaintance Management
    Resource Management
    Feedback Aggregation
  Discussion
    Privacy Issues
    Insider Attacks
  Summary

Trust Management
  Introduction
  Background
  Trust Management Model
    Satisfaction Mapping
    Dirichlet-Based Model
    Evaluating the Trustworthiness of a Peer
    Test Message Exchange Rate and Scalability of Our System
  Robustness against Common Threats
    Newcomer Attacks
    Betrayal Attacks
    Collusion Attacks
    Inconsistency Attacks
  Simulations and Experimental Results
    Simulation Setting
    Modeling the Expertise Level of a Peer
    Deception Models
    Trust Values and Confidence Levels for Honest Peers
    Trust Values for Dishonest Peers
    Robustness of Our Trust Model
    Scalability of Our Trust Model
    Efficiency of Our Trust Model
  Conclusions and Future Work

Collaborative Decision
  Introduction
  Background
  Collaborative Decision Model
    Modeling of Acquaintances
    Collaborative Decision
    Sequential Hypothesis Testing
    Threshold Approximation
  Performance Evaluation
    Simulation
    Simple Average Model
    Weighted Average Model
    Bayesian Decision Model
    Modeling of a Single IDS
    Detection Accuracy and Cost
    Cost under Homogeneous Environment
    Cost under Heterogeneous Environment
    Cost and the Number of Acquaintances
    Sequential Consultation
    Robustness and Scalability of the System
  Conclusion

Resource Management
  Introduction
  Background
  Resource Management and Incentive Design
    Modeling of Resource Allocation
    Characterization of Nash Equilibrium
    Incentive Properties
    Primal / Dual Iterative Algorithm
  Experiments and Evaluation
    Nash Equilibrium Computation
    Nash Equilibrium Using Distributed Computation
    Robustness Evaluation
      Free-Riding
      Denial-of-Service (DoS) Attacks
      Dishonest Insiders
    Large-Scale Simulation
  Conclusion

Collaborators Selection and Management
  Introduction
  Background
  IDS Identification and Feedback Aggregation
    Detection Accuracy for a Single IDS
    Feedback Aggregation
  Acquaintance Management
    Problem Statement
    Acquaintance Selection Algorithm
    Acquaintance Management Algorithm
  Evaluation
    Simulation Setting
    Determining the Test Message Rate
    Efficiency of Our Feedback Aggregation
    Cost and the Number of Collaborators
    Efficiency of Acquaintance Selection Algorithms
    Evaluation of Acquaintance Management Algorithm
      Convergence
      Stability
      Incentive Compatibility
      Robustness
  Conclusion and Future Work

OTHER TYPES OF IDN DESIGN

Knowledge-Based Intrusion Detection Networks and Knowledge Propagation
  Introduction
  Background
  Knowledge Sharing IDN Architecture
    Network Topology
    Communication Framework
    Snort Rules
    Authenticated Network Join Operation
    Feedback Collector
    Trust Evaluation and Acquaintance Management
    Knowledge Propagation Control
    An Example
  Knowledge Sharing and Propagation Model
    Lower Level – Public Utility Optimization
    Upper Level – Private Utility Optimization
    Tuning Parameter Rij
    Nash Equilibrium
    Price of Anarchy Analysis
    Knowledge Propagation
  Bayesian Learning and Dynamic Algorithms
    Bayesian Learning Model for Trust
    Dirichlet Learning Model for Knowledge Quality
    Credible-Bound Estimation of Trust
    Dynamic Algorithm to Find the Prime NE at Node
  Evaluation
    Simulation Setup
    Trust Value Learning
    Convergence of Distributed Dynamic Algorithm
    Scalability and Quality of Information (QoI)
    Incentive Compatibility and Fairness
    Robustness of the System
  Conclusion

Collaborative Malware Detection Networks
  Introduction
  Background
    Collaborative Malware Detection
    Decision Models for Collaborative Malware Detection
      Static Threshold
      Weighted Average
      Decision Tree
      Bayesian Decision
  Collaboration Framework
    Architecture Design
    Communication Overhead and Privacy Issue
    Adversaries and Free-Riding
  Collaborative Decision Model
    Problem Statement and RevMatch Model
    Feedback Relaxation
    Labeled History Update
  Evaluation
    Data Sets
    Experiment Setting
    Ranking of AVs
    Static Threshold
    Weighted Average
    Decision Tree
    Bayesian Decision
    RevMatch
    Comparison between Different Decision Models
    Robustness against Insider Attacks
    Acquaintance List Length and Efficiency
  Discussion
    Runtime Efficiency on Decision
    Partial Feedback
    Tuning Flexibility
    Comparison
    Zero-Day Malware Detection
    History Poison Flooding Attack
  Conclusion and Future Work

CONCLUSION

APPENDICES
  Examples of Intrusion Detection Rules and Alerts
    Examples of Snort Rules
    Example of an Intrusion Alert in IDMEF Format
  Proofs
    Proof of Proposition 9.4.3
    Proof of Theorem 9.2
    Proof of Proposition 9.4.4
    Proof of Proposition 9.4.5
    Proof of Proposition 9.4.6

References

Index

About the Authors

Carol Fung is an assistant professor of computer science at Virginia Commonwealth University (USA). She received her Bachelor's and Master's degrees in computer science from the University of Manitoba (Canada), and her PhD in computer science from the University of Waterloo (Canada). Her research interests include collaborative intrusion detection networks, social networks, security issues in mobile networks and medical systems, location-based services for mobile phones, and machine learning in intrusion detection. She received the best dissertation award at IM 2013, the best student paper award at CNSM 2011, and the best paper award at IM 2009. She has received numerous prestigious awards and scholarships, including the Google Anita Borg Scholarship, an NSERC Postdoctoral Fellowship, the David Cheriton Scholarship, an NSERC Postgraduate Scholarship, and the President's Graduate Scholarship. She has been a visiting scholar at POSTECH (South Korea), a software engineer at Google, and a research staff member at BlackBerry.

Raouf Boutaba is a professor of computer science at the University of Waterloo (Canada) and a distinguished visiting professor at POSTECH (South Korea). He has served as a distinguished speaker of the IEEE Communications Society and the IEEE Computer Society. He is the founding chair of the IEEE Communications Society Technical Committee on Autonomic Communications and the founding Editor-in-Chief of the IEEE Transactions on Network and Service Management (2007-2010). He currently sits on the advisory editorial board of the Journal of Network and Systems Management, and on the editorial boards of the IEEE Transactions on Mobile Computing, IEEE Communications Surveys and Tutorials, the KICS/IEEE Journal of Communications and Networks, the International Journal of Network Management (ACM/Wiley), Wireless Communications and Mobile Computing (Wiley), and the Journal of Internet Services and Applications (Springer). His research interests include resource and service management in networked systems. He has published extensively in these areas and received several journal and conference best paper awards, including the IEEE 2008 Fred W. Ellersick Prize Paper Award, the 2001 KICS/IEEE Journal of Communications and Networks Best Paper Award, and the IM 2007, IM 2009, and CNSM 2010 Best Paper Awards. He has also received the Premier's Research Excellence Award, Nortel Research Excellence Awards, a fellowship of the Faculty of Mathematics, David R. Cheriton Faculty Fellowships, outstanding performance awards at Waterloo, and the NSERC Discovery Accelerator Award. Further recognitions include the IEEE Communications Society Hal Sobol Award and the IFIP Silver Core in 2007, the IEEE Communications Society Joseph LoCicero Award and the IFIP/IEEE Dan Stokesbury Award in 2009, and the IFIP/IEEE Salah Aidarous Award in 2012. He is a Fellow of the IEEE and of the EIC.

Subject Categories

BISAC Subject Codes/Headings:

  • COM032000 COMPUTERS / Information Technology
  • COM043000 COMPUTERS / Networking / General
  • COM051230 COMPUTERS / Software Development & Engineering / General
  • COM053000 COMPUTERS / Security / General