Acquaintance Management Algorithm Based on the Multi-Class Risk-Cost Analysis for Collaborative Intrusion Detection Network

The collaborative intrusion detection network (CIDN) framework provides collaboration capability among intrusion detection systems (IDS). Collaboration selection is done by an acquaintance management algorithm. A recent study developed an effective acquaintance management algorithm by the use of binary risk analysis and greedy-selection-sort based methods. However, most algorithms do not pay attention to the possibility of wrong responses in multi-botnet attacks. The greedy-based acquaintance management algorithm also leads to a poor acquaintance selection processing time when there is a high number of IDS candidates. The growing number of advanced distributed denial of service (DDoS) attacks make acquaintance management potentially end up with an unreliable CIDN acquaintance list, resulting in low decision accuracy. This paper proposes an acquaintance management algorithm based on multi-class risk-cost analysis and merge-sort selection methods. The algorithm implements merge risk-ordered selection to reduce computation complexity. The simulation result showed the reliability of CIDN in reducing the acquaintance selection processing time decreased and increasing the decision accuracy.

Collaborative intrusion detection networks with multi-hop clustering for internet of things

<p>Internet of things (IoT) is an emerging topic in so many aspects nowadays. The integration between devices and human itself is currently in large scale development. With the continuous applications of the IoT, the hidden problems such as security threats become one of the key considerations. Furthermore, limited power and computational capability of the devices in the system make it more challenging.Therefore, the needs of reliable and effective security system throughout the networks are highly needed. This research proposed a collaborative system based on JADE that consists of 3 types of agent, which are IoT server, controller, and node. Every agents will collaborate each other in terms of exchanging the intrusion detection results. The collaboration between the agents will provide more efficient and good performance. Four classification algorithms were used to model IDS functions. Then, the performance evaluation was done on the system with several parameters such as cost loss expectation, energy consumption, and metric of IDS efficiency. The result shows that the number of reports sent by IoT controller were decreased up to 80% while preserving the security aspect.</p>

Designing consensus algorithm for collaborative signature-based intrusion detection system

<span>Signature-based collaborative intrusion detection system (CIDS) is highly depends on the reliability of nodes to provide IDS attack signatures. Each node in the network is responsible to provide new attack signature to be shared with other node. There are two problems exist in CIDS highlighted in this paper, first is to provide data consistency and second is to maintain trust among the nodes while sharing the attack signatures. Recently, researcher find that blockchain has a great potential to solve those problems. Consensus algorithm in blockchain is able to increase trusts among the node and allows data to be inserted from a single source of truth. In this paper, we are investigating three blockchain consensus algorithms: proof of work (PoW), proof of stake (PoS), and hybrid PoW-PoS chain-based consensus algorithm which are possibly to be implemented in CIDS. Finally, we design an extension of hybrid PoW-PoS chain-based consensus algorithm to fulfill the requirement. This extension we name it as proof of attack signature (PoAS).</span>

A Survey on Multi-Agent Based Collaborative Intrusion Detection Systems

Multi-Agent Systems (MAS) have been widely used in many areas like modeling and simulation of complex phenomena, and distributed problem solving. Likewise, MAS have been used in cyber-security, to build more efficient Intrusion Detection Systems (IDS), namely Collaborative Intrusion Detection Systems (CIDS). This work presents a taxonomy for classifying the methods used to design intrusion detection systems, and how such methods were used alongside with MAS in order to build IDS that are deployed in distributed environments, resulting in the emergence of CIDS. The proposed taxonomy, consists of three parts: 1) general architecture of CIDS, 2) the used agent technology, and 3) decision techniques, in which used technologies are presented. The proposed taxonomy reviews and classifies the most relevant works in this topic and highlights open research issues in view of recent and emerging threats. Thus, this work provides a good insight regarding past, current, and future solutions for CIDS, and helps both researchers and professionals design more effective solutions.