The application of distributed intrusion detection system (DIDS) in campus network is a security technology which aims at monitoring and analyzing network attacks. With the increasing number of campus network users an...
ISBN (print): 9781538674628
Integrating information and communication technologies into the power generation, transmission and distribution system provides a new concept called Smart Grid (SG). The wide variety of devices connected to the SG communication infrastructure generates heterogeneous data with different Quality of Service (QoS) requirements and communication technologies. An intrusion detection system (IDS) is a surveillance system that monitors the traffic flow over the network, seeking any abnormal behaviour in order to detect possible intrusions or attacks against the SG system. The distributed nature of power and data in the SG increases the complexity of analysing QoS and user requirements. Thus, a Big Data-aware distributed IDS is required to deal with malicious behaviour on the network. Motivated by this, we design a distributed IDS that handles anomaly big data and applies the proper defence algorithm to alert the SG. This paper first proposes a new smart meter (SM) architecture that includes a distributed IDS model (SM-IDS). Secondly, we implement SM-IDS using supervised ML algorithms. Finally, a distributed IDS model is introduced using federated learning. Numerical results show that the Neighbourhood Area Network IDS (NAN-IDS) can help decrease smart meters' energy and resource consumption. SM-IDS achieves an accuracy of 84.31% with a detection rate of 74.69%, while NAN-IDS provides an accuracy of 87.40% and a detection rate of 86.73%.
Distributed intrusion detection systems (DIDS) are a specialized subset of conventional IDSs designed for deployment in distributed environments. Each IDS is integrated into a distinct entity within a monitored network, and these entities may be spread across various locations. The participating IDSs can be configured to detect either a particular attack type or multiple attack types. Although DIDS has found extensive application in diverse IoT systems, its use in unmanned aerial vehicles (UAVs) still needs to be explored. Consequently, it is imperative to devise a comprehensive framework tailored explicitly for UAVs, one that combines multiple detection units to enhance security. Based on the insights gained from previous studies, we propose an exhaustive DIDS for UAV security enforcement in this paper. Our proposed solution offers a robust and scalable security approach. By distributing the workload across interconnected IDSs deployed on the UAV, our solution is optimized for detecting attacks on UAVs, achieving high detection performance while reducing complexity. To the best of our knowledge, no DIDS for UAV security and attack detection has previously been proposed and evaluated. Furthermore, our paper provides a detailed analysis outlining the development basis and the achieved results. We performed multiple experiments over different cases using different datasets. The experimental results demonstrate that the proposed IDS has significantly high detection accuracy and low loss rates. Our proposed E-DIDS efficiently detects multiple attacks on different UAV subsets with a good global accuracy that reached 98.6% and low resource consumption.
The protection of modern distributed information networks from external and internal intruders continues to be of great importance due to the development of data transmission and processing technology. The article describes a model of data processing in a distributed intrusion detection system (DIDS) and a method of using hidden agents to protect against an internal intruder. The distribution of data-processing functions between the DIDS local agent and the central data-processing node is presented. We describe a method of hiding the agent's presence from the system user while retaining the operator's control over it.
ISBN (print): 9781479956661
The focus of this paper is to present the architecture of a Big-distributed intrusion detection system (B-dIDS) to discover multi-pronged attacks, which are anomalies existing across multiple subnets in a distributed network. The B-dIDS is composed of two key components: a big data processing engine and an analytics engine. The big data processing is done through HAMR, a next-generation in-memory MapReduce engine that has reported high speedups over existing big data solutions across several analytics algorithms. The analytics engine comprises a novel ensemble algorithm, which extracts training data from clusters of the multiple IDS alarms. The clustering is used as a preprocessing step to re-label the datasets based on their high similarity to known potential attacks. The overall aim is to predict multi-pronged attacks that are spread across multiple subnets but can be missed if not evaluated in an integrated manner.
Border Gateway Protocol (BGP) is increasingly becoming a multipurpose protocol. However, it keeps suffering from security issues such as bogus announcements for malicious goals. Some of these security breaches are especially critical for distributed intrusion detection systems that use BGP as the underlay network for interchanging alarms. In this sense, assessing the confidence level of detection alarms transported via BGP messages is critical to prevent internal attacks. Most of the proposals addressing the confidence level of detection alarms rely on complex and time-consuming mechanisms that can also be a potential target for further attacks. In this paper, we propose an out-of-band system based on machine learning to infer the confidence level of BGP messages, using just the mandatory fields of the header. Tests using two different data sets, (i) from the indirect effects of a widespread worm attack and (ii) using up-to-date data from the IPTraf Project, show promising results, considering well-known performance metrics, such as recall, accuracy, receiver operating characteristics (ROC), and f1-score.
Although the Border Gateway Protocol (BGP) is increasingly becoming a multi-purpose protocol, it suffers from security issues regarding bogus announcements made for malicious goals. Some of these security breaches are particularly critical for distributed intrusion detection systems that use BGP as their underlay network for interchanging alarms. In this case, assessing the confidence level of these BGP messages helps to prevent internal attacks. Most of the proposals addressing the confidence level of BGP messages rely on complex and time-consuming mechanisms that can also be a potential target for intelligent attacks. In this paper, we propose Gonogo, an out-of-band system based on machine learning that infers the confidence level of the intrusion alarms using just the mandatory header of each BGP message that transports them. Tests using a synthetic data set reflecting the indirect effects of a widespread worm attack over the BGP network show promising results, considering well-known performance metrics such as recall, accuracy, receiver operating characteristics (ROC), and F1-score.
The evolving trends of mobility, cloud computing and collaboration have blurred the perimeter separating corporate networks from the wider world. These new tools and business models enhance productivity and present new opportunities for competitive advantage, although they also introduce new risks. Currently, security is one of the most limiting issues for technological development in fields such as the Internet of Things or cyber-physical systems. This work contributes to the cyber security research field with a design that can incorporate advanced scheduling algorithms and predictive models in a parallel and distributed way, in order to improve intrusion detection in the current scenario, where increased demand for global and wireless interconnection has weakened approaches based on protection tasks running only on specific perimeter security devices. The aim of this paper is to provide a framework to properly distribute intrusion detection system (IDS) tasks, considering security requirements and the variable availability of computing resources. To accomplish this, we propose a novel approach which promotes the integration of personal and enterprise computing resources with externally supplied cloud services, in order to handle the security requirements. For example, in a business environment there is a set of information resources that need to be specially protected, including data handled and transmitted by small mobile devices. These devices can execute part of the IDS tasks necessary for self-protection, but other tasks could be delegated to other, more powerful systems. This integration must be achieved in a dynamic way: cloud resources are used only when necessary, minimizing utility computing costs and the security problems posed by the cloud, but preserving local resources when they are required for business processes or user experience. In addition to satisfying the main objective, the strengths and benefits of the proposed framework can be explored in future research. This
With the rapid development of the Internet, electronic commerce is being used increasingly widely, while safety is the primary factor in the rapid development of electronic commerce. A distributed intrusion detection system can effectively improve the security of the electronic commerce environment. This paper analyzes the issues of electronic commerce security in detail, discusses the defects of distributed intrusion detection systems, analyzes possible improvements to distributed intrusion detection systems, and fully demonstrates the importance of distributed intrusion detection systems in electronic commerce security.
ISBN (print): 9781424472352
Time synchronization is an important middleware service of distributed systems, and distributed intrusion detection systems (DIDS) in particular make extensive use of it. Time synchronization has become a critical area of research today. The Network Time Protocol (NTP) and the Precision Time Protocol (PTP) are the currently accepted standards for synchronizing clocks over a network. This paper compares the merits and shortcomings of the two protocols and then provides a time synchronization scheme based on NTP. This scheme uses a new approach to obtain the local clock, which improves the accuracy of the local clock. Experimental results confirm that the scheme is feasible and improves synchronization precision.