A Peer-to-Peer Collaborative Intrusion Detection System

In this chapter, the authors present a novel peer-to-peer based intrusion detection system called Komondor, more specifically, its internals regarding the utilized peer-to-peer transport layer. The novelty of our intrusion detection system is that it is composed of independent software instances running on different hosts and is organized into a peer-to-peer network. The maintenance of this overlay network does not require any user interaction. The applied P2P overlay network model enables the nodes to communicate evenly over an unstable network. The base of our Komondor NIDS is a P2P network similar to Kademlia. To achieve high reliability and availability, we had to modify the Kademlia overlay network in such a way so that it would be resistent to network failures and support broadcast messages. The main purpose of this chapter is to present our modifications and enhancements on Kademlia.

Download Full-text

Misbehavior-Aware On-Demand Collaborative Intrusion Detection System Using Distributed Ensemble Learning for VANET

Electronics ◽

10.3390/electronics9091411 ◽

2020 ◽

Vol 9 (9) ◽

pp. 1411 ◽

Cited By ~ 1

Author(s):

Fuad A. Ghaleb ◽

Faisal Saeed ◽

Mohammad Al-Sarem ◽

Bander Ali Saleh Al-rimy ◽

Wadii Boulila ◽

...

Keyword(s):

Random Forest ◽

Intrusion Detection ◽

Ensemble Learning ◽

Intrusion Detection System ◽

Detection System ◽

Lower Boundary ◽

Normal Operation ◽

Communication Overhead ◽

On Demand ◽

Collaborative Intrusion Detection

Vehicular ad hoc networks (VANETs) play an important role as enabling technology for future cooperative intelligent transportation systems (CITSs). Vehicles in VANETs share real-time information about their movement state, traffic situation, and road conditions. However, VANETs are susceptible to the cyberattacks that create life threatening situations and/or cause road congestion. Intrusion detection systems (IDSs) that rely on the cooperation between vehicles to detect intruders, were the most suggested security solutions for VANET. Unfortunately, existing cooperative IDSs (CIDSs) are vulnerable to the legitimate yet compromised collaborators that share misleading and manipulated information and disrupt the IDSs’ normal operation. As such, this paper proposes a misbehavior-aware on-demand collaborative intrusion detection system (MA-CIDS) based on the concept of distributed ensemble learning. That is, vehicles individually use the random forest algorithm to train local IDS classifiers and share their locally trained classifiers on-demand with the vehicles in their vicinity, which reduces the communication overhead. Once received, the performance of the classifiers is evaluated using the local testing dataset in the receiving vehicle. The evaluation values are used as a trustworthiness factor and used to rank the received classifiers. The classifiers that deviate much from the box-and-whisker plot lower boundary are excluded from the set of the collaborators. Then, each vehicle constructs an ensemble of weighted random forest-based classifiers that encompasses the locally and remotely trained classifiers. The outputs of the classifiers are aggregated using a robust weighted voting scheme. Extensive simulations were conducted utilizing the network security laboratory-knowledge discovery data mining (NSL-KDD) dataset to evaluate the performance of the proposed MA-CIDS model. The obtained results show that MA-CIDS performs better than the other existing models in terms of effectiveness and efficiency for VANET.

Download Full-text