We consider a Cooperative Intrusion Detection System (CIDS), a distributed IDS based on an Artificial Immune System (AIS) in which nodes collaborate over a peer-to-peer overlay network. The AIS uses the negative selection algorithm to select detectors (e.g., vectors of features such as CPU utilization, memory usage and network activity). For better detection performance, selecting all possible detectors for a node is desirable, but it may not be feasible due to storage and computational overheads. Limiting the number of detectors, on the other hand, comes with the danger of missing attacks. We present a scheme for the controlled and decentralized division of detector sets in which each IDS is assigned to a region of the feature space. We investigate the trade-off between scalability and robustness of detector sets. We address the problem of self-organization in CIDS so that each node generates a distinct set of detectors to maximize coverage of the feature space, while pairs of nodes exchange their detector sets to provide a controlled level of redundancy. Our contribution is twofold. First, we use deterministic techniques from combinatorial design theory and graph theory, based on Symmetric Balanced Incomplete Block Designs, Generalized Quadrangles and Ramanujan Expander Graphs, to decide how many and which detectors are exchanged between which pairs of IDS nodes. Second, we use a classical epidemic model (the SIR model) to show how properties of these deterministic techniques can help us reduce the attack spread rate.
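The controlled redundancy that a symmetric BIBD offers can be checked directly. The sketch below is an added illustration, not code from the paper: it assumes design points stand for feature-space regions and blocks for IDS nodes, and it uses the (7,3,1) design developed from the difference set {0,1,3} mod 7, chosen here only as a small sample.

```python
from itertools import combinations

def is_difference_set(D, v, lam):
    """True if every non-zero residue mod v occurs exactly lam times as a difference."""
    counts = [0] * v
    for a in D:
        for b in D:
            if a != b:
                counts[(a - b) % v] += 1
    return all(c == lam for c in counts[1:])

def sbibd_blocks(D, v):
    """Develop D mod v: block i is the set of regions held by node i (assumed mapping)."""
    return [frozenset((d + i) % v for d in D) for i in range(v)]

def pairwise_overlaps(blocks):
    """Sizes of B_i & B_j over all node pairs; one value means uniform redundancy."""
    return {len(a & b) for a, b in combinations(blocks, 2)}

def replication(blocks, v):
    """Number of nodes holding detectors for each region."""
    return [sum(p in b for b in blocks) for p in range(v)]

def coverage(blocks, v, failed=()):
    """Fraction of regions still held by at least one surviving node."""
    down = set(failed)
    alive = [b for i, b in enumerate(blocks) if i not in down]
    covered = set().union(*alive) if alive else set()
    return len(covered) / v

def worst_case_coverage(blocks, v, f):
    """Minimum coverage over every possible set of f failed or compromised nodes."""
    return min(coverage(blocks, v, s) for s in combinations(range(len(blocks)), f))

if __name__ == "__main__":
    V, D = 7, {0, 1, 3}              # constructed sample parameters
    assert is_difference_set(D, V, 1)
    nodes = sbibd_blocks(D, V)
    print("regions per node:", [sorted(b) for b in nodes])
    print("shared regions per node pair:", pairwise_overlaps(nodes))
    print("holders per region:", replication(nodes, V))
    for f in range(1, 4):
        print(f, "failures -> worst-case coverage", worst_case_coverage(nodes, V, f))
```

Each node stores only 3 of the 7 regions, yet the feature space stays fully covered until all three holders of a single region fail at once.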