A Robust Algorithm for Predicting Attack Using Collaborative Security Logs with Thresholdless Trust Management System

Bibliographic Details
Main Authors: Amir Rezapour, 艾米爾
Other Authors: Tzeng, Wen-Guey
Format: Others
Language: en_US
Published: 2018
Online Access: http://ndltd.ncl.edu.tw/handle/dm63mn
Description
Summary: PhD === National Chiao Tung University === EECS International Graduate Program === 106 === As networks become ubiquitous in our daily lives, users rely more on networks for exchanging data and communication. However, copious new and sophisticated attacks that endanger the security of users have been reported. The new attacks not only aim at collecting private information from compromised nodes, but also use the compromised nodes to launch attacks such as Distributed Denial of Service (DDoS) attacks. Intrusion detection networks (IDNs) have been developed to identify intrusions by monitoring a network or system for malicious activity or policy violations. Traditional IDSs work on a single host or on the network traffic of a single sub-network. Therefore, they do not have a global view of intrusions and are not effective at identifying fast-spreading attacks. The Collaborative Intrusion Detection Network (CIDN), which consists of many IDSs, has been developed with the objective of strengthening a single IDS by collecting intrusion intelligence knowledge and learning experience from other IDSs. Collaboration not only enhances the detection capability of an individual IDS but also equips it with the ability to discover new types of intrusions. Our work makes use of a central repository, such as Dshield.org, of shared security logs from the IDSs or network firewalls of victims all over the Internet. The intention of sharing security logs is to help produce better predictions of future malicious activities. To achieve efficiency and robustness, we propose a novel prediction algorithm that makes use of security logs and provides a secondary level of prediction. However, some malicious IDSs within an IDN can corrupt the whole collaborative network. Next, we provide a trust management system to mitigate the effect of malicious IDSs that share false information. We evaluate our proposals on a real-world collaborative IDS network from Dshield.org and compare them with existing results in the literature. The experimental results demonstrate a significant improvement over previous results.