A distributed sequential algorithm for collaborative intrusion detection networks

Quanyan Zhu; Carol J. Fung; Raouf Boutaba; Tamer Başar

doi:10.1109/ICC.2010.5501981

A distributed sequential algorithm for collaborative intrusion detection networks

Quanyan Zhu, Carol J. Fung, Raouf Boutaba, Tamer Başar

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Collaborative intrusion detection networks are often used to gain better detection accuracy and cost efficiency as compared to a single host-based intrusion detection system (IDS). Through cooperation, it is possible for a local IDS to detect new attacks that may be known to other experienced acquaintances. In this paper, we present a sequential hypothesis testing method for feedback aggregation for each individual IDS in the network. Our simulation results corroborate our theoretical results and demonstrate the properties of cost efficiency and accuracy compared to other heuristic methods. The analytical result on the lower-bound of the average number of acquaintances for consultation is essential for the design and configuration of IDSs in a collaborative environment.

Original language	English (US)
Title of host publication	2010 IEEE International Conference on Communications, ICC 2010
DOIs	https://doi.org/10.1109/ICC.2010.5501981
State	Published - 2010
Event	2010 IEEE International Conference on Communications, ICC 2010 - Cape Town, South Africa Duration: May 23 2010 → May 27 2010

Publication series

Name	IEEE International Conference on Communications
ISSN (Print)	0536-1486

Other

Other	2010 IEEE International Conference on Communications, ICC 2010
Country/Territory	South Africa
City	Cape Town
Period	5/23/10 → 5/27/10

ASJC Scopus subject areas

Computer Networks and Communications
Electrical and Electronic Engineering

Online availability

10.1109/ICC.2010.5501981

Library availability

Discover UIUC Full Text

Cite this

Zhu, Q, Fung, CJ, Boutaba, R & Başar, T 2010, A distributed sequential algorithm for collaborative intrusion detection networks. in 2010 IEEE International Conference on Communications, ICC 2010., 5501981, IEEE International Conference on Communications, 2010 IEEE International Conference on Communications, ICC 2010, Cape Town, South Africa, 5/23/10. https://doi.org/10.1109/ICC.2010.5501981

@inproceedings{07ccfb3c2c3f4a55bb4bfc4072d4f0f5,

title = "A distributed sequential algorithm for collaborative intrusion detection networks",

abstract = "Collaborative intrusion detection networks are often used to gain better detection accuracy and cost efficiency as compared to a single host-based intrusion detection system (IDS). Through cooperation, it is possible for a local IDS to detect new attacks that may be known to other experienced acquaintances. In this paper, we present a sequential hypothesis testing method for feedback aggregation for each individual IDS in the network. Our simulation results corroborate our theoretical results and demonstrate the properties of cost efficiency and accuracy compared to other heuristic methods. The analytical result on the lower-bound of the average number of acquaintances for consultation is essential for the design and configuration of IDSs in a collaborative environment.",

author = "Quanyan Zhu and Fung, {Carol J.} and Raouf Boutaba and Tamer Ba{\c s}ar",

year = "2010",

doi = "10.1109/ICC.2010.5501981",

language = "English (US)",

isbn = "9781424464043",

series = "IEEE International Conference on Communications",

booktitle = "2010 IEEE International Conference on Communications, ICC 2010",

}

TY - GEN

T1 - A distributed sequential algorithm for collaborative intrusion detection networks

AU - Zhu, Quanyan

AU - Fung, Carol J.

AU - Boutaba, Raouf

AU - Başar, Tamer

PY - 2010

Y1 - 2010

N2 - Collaborative intrusion detection networks are often used to gain better detection accuracy and cost efficiency as compared to a single host-based intrusion detection system (IDS). Through cooperation, it is possible for a local IDS to detect new attacks that may be known to other experienced acquaintances. In this paper, we present a sequential hypothesis testing method for feedback aggregation for each individual IDS in the network. Our simulation results corroborate our theoretical results and demonstrate the properties of cost efficiency and accuracy compared to other heuristic methods. The analytical result on the lower-bound of the average number of acquaintances for consultation is essential for the design and configuration of IDSs in a collaborative environment.

AB - Collaborative intrusion detection networks are often used to gain better detection accuracy and cost efficiency as compared to a single host-based intrusion detection system (IDS). Through cooperation, it is possible for a local IDS to detect new attacks that may be known to other experienced acquaintances. In this paper, we present a sequential hypothesis testing method for feedback aggregation for each individual IDS in the network. Our simulation results corroborate our theoretical results and demonstrate the properties of cost efficiency and accuracy compared to other heuristic methods. The analytical result on the lower-bound of the average number of acquaintances for consultation is essential for the design and configuration of IDSs in a collaborative environment.

UR - http://www.scopus.com/inward/record.url?scp=77955398656&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=77955398656&partnerID=8YFLogxK

U2 - 10.1109/ICC.2010.5501981

DO - 10.1109/ICC.2010.5501981

M3 - Conference contribution

AN - SCOPUS:77955398656

SN - 9781424464043

T3 - IEEE International Conference on Communications

BT - 2010 IEEE International Conference on Communications, ICC 2010

T2 - 2010 IEEE International Conference on Communications, ICC 2010

Y2 - 23 May 2010 through 27 May 2010

ER -

A distributed sequential algorithm for collaborative intrusion detection networks

Abstract

Publication series

Other

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this