With the continuous innovations and development in communication technology and intelligent transportation systems, a new generation of vehicular ad hoc networks (VANETs) has become increasingly popular, making VANET communication security increasingly important. An intrusion detection system (IDS) is an important tool for detecting network attacks and is an effective means of improving network security. However, existing IDSs encounter several problems involving inaccurate detections, low detection efficiencies, and incomplete detections owing to extensive changes in vehicle locations in VANETs. This study explores federated learning in software-defined VANETs and designs an efficient and accurate collaborative intrusion detection system (CIDS) model. The model utilizes the collaboration among local software-defined networks (SDNs) to jointly train the CIDS model without directly exchanging local network data flows to improve the expansibility and globality of IDSs. To reduce the model difference between different SDN clients and improve the detection accuracy, this study regards the prediction loss for each SDN client as an objective from the perspective of constrained multi-objective optimization. By optimizing a surrogate maximum function containing all the objectives, the method adopts two-stage gradient optimization to achieve Pareto optimality for SDN clients with the worst fairness constraint maximization performance. In addition, this study evaluates the training model using two open-source datasets and compares it with the latest methods. Experimental results reveal that the proposed model ensures local data privacy and demonstrates high accuracy and efficiency in detecting attacks and is thus superior to the current schemes.
Collaborative intrusion detection systems (CIDS) protect large networks against distributed attacks. However, a CIDS is vulnerable to insider attacks that decrease the mutual trust among the CIDS nodes. Most existing trust management approaches rely on a central authority, trusted third parties or network peers for managing trust. The current techniques are prone to high false positives and vulnerable to various reputation attacks. For instance, device attestation manages trust among CIDS nodes by verifying the integrity of a node's hardware and software configuration. However, it lacks real-time monitoring of the dynamic state, limiting its effectiveness against ongoing attacks and malware. Therefore, incorporating the system's dynamic state in the trust framework is crucial, but it causes false positives requiring corrective mechanisms. To address these challenges, this paper proposes a blockchain-based integrated trust management framework for CIDS, incorporating the device's genome attestation, the system's dynamic parameters, and a false positive resilient reputation mechanism. By storing the reputation scores on the blockchain, the framework alleviates the need for a third party for trust management and thus mitigates attacks applicable to reputation-based systems. The paper performs a comprehensive security and performance analysis of the proposed framework to gauge its efficiency and study the effects of a penalty on a node's reputation during the recovery and rally phases. We also study the impact of false positives on the reputation of a node. The results show that Hyperledger Fabric offers lower transaction latency and low CPU utilization compared to Ethereum Blockchain.
Collaborative intrusion detection systems are considered an effective defense mechanism for large, intricate, and multilayered Industrial Internet of Things against many cyberattacks. However, while a collaborative intrusion detection system successfully detects and prevents various attacks, it is possible that an inside attacker performs a malicious act and compromises an intrusion detection system node. A compromised node can inflict considerable damage on the whole collaborative network. For instance, when a malicious node gives a false alert of an attack, the other nodes will unnecessarily increase their security and close all of their services, thus degrading the system's performance. On the contrary, if the spurious node approves malicious traffic into the system, the other nodes would also be compromised. Therefore, to detect a compromised node in the network, this article introduces a device integrity check mechanism based on "Digital Genome." In medical science, a genome refers to a set that contains all of the information needed to build and maintain an organism. Based on the same concept, the digital genome is computed over a device's vital hardware, software, and other components. Hence, if an attacker makes any change in a node's hardware and software components, the digital genome will change, and the compromised node will be easily detected. It is envisaged that the proposed integrity attestation protocol can be used in diverse Internet of Things and other information technology applications to ensure the legitimate operation of end devices. This study also proffers a comprehensive security and performance analysis of the proposed framework.
ISBN: (print) 9798350354720; 9798350354713
Federated Learning (FL) is a Machine Learning paradigm that enables training models across distributed clients without accessing their data. In the context of network security, FL can be used to collaboratively train intrusion detection system (IDS) models across multiple organizations, virtually extending the local dataset of each participant. Among the new challenges raised by this approach, the heterogeneity of the clients' environments induces consequent differences in the data distributions, and therefore contributions. Further, identifying and mitigating malicious contributions is made more complex in heterogeneous environments. This tutorial introduces the audience to the principles of FL and its application to network security, and more specifically to building collaborative intrusion detection systems (CIDSs) using FL. We address open challenges in that regard, before focusing on the problem of training on heterogeneous data. Finally, we discuss the issues raised by using FL in the context of network security, with a particular focus on poisoning attacks.
ISBN: (print) 9781728103594
We propose a framework based on collaborative Runtime Monitors (CoRuM) for application-level security. CoRuM detects the abnormal behavior of an application by observing critical characteristics during program runtime. In this paper, we discuss the application's critical and essential characteristics to be monitored, the components of the framework, and its workflow on different use case scenarios. We provide experimental results on typical cyber-attacks and provide the throughput and detection accuracy measures. We also propose multidimensional preventive measures using honeypot and backup servers.