SMURFEN: a system framework for rule sharing collaborative intrusion detection

Authors:
Carol Fung;Quanyan Zhu;Raouf Boutaba;Tamer Başar
Affiliations:
University of Waterloo, Ontario, Canada;University of Illinois at Urbana-Champaign;University of Waterloo, Ontario, Canada, and Division of IT Convergence Engineering, POSTECH, Pohang, Korea;University of Illinois at Urbana-Champaign
Venue:
Proceedings of the 7th International Conference on Network and Services Management
Year:
2011

Citing 10
Cited 0

Chord: A scalable peer-to-peer lookup service for internet applications

Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
I know my network: collaboration and expertise in intrusion detection

CSCW '04 Proceedings of the 2004 ACM conference on Computer supported cooperative work
Collaborative Internet Worm Containment

IEEE Security and Privacy
Corona: a high performance publish-subscribe system for the world wide web

NSDI'06 Proceedings of the 3rd conference on Networked Systems Design & Implementation - Volume 3
Trust Management for Host-Based Collaborative Intrusion Detection

DSOM '08 Proceedings of the 19th IFIP/IEEE international workshop on Distributed Systems: Operations and Management: Managing Large-Scale Service Deployment
CloudAV: N-version antivirus in the network cloud

SS'08 Proceedings of the 17th conference on Security symposium
When gossip is good: distributed probabilistic inference for detection of slow network intrusions

AAAI'06 proceedings of the 21st national conference on Artificial intelligence - Volume 2
Robust and scalable trust management for collaborative intrusion detection

IM'09 Proceedings of the 11th IFIP/IEEE international conference on Symposium on Integrated Network Management
Cooperative detection and protection against network attacks using decentralized information sharing

Cluster Computing
A survey of internet worm detection and containment

IEEE Communications Surveys & Tutorials

Quantified Score

Hi-index	0.00

Visualization

Abstract

Intrusion Detection Systems (IDSs) are designed to monitor network traffic and computer activities in order to alert users about suspicious intrusions. Collaboration among IDSs allows users to benefit from the collective knowledge and information from their collaborators and achieve more accurate intrusion detection. However, most existing collaborative intrusion detection networks rely on the exchange of intrusion data which raises privacy concerns. To overcome this problem, we propose SMURFEN: a Rule Sharing intrusion detection network, which provides a platform for IDS users to effectively share their customized detection knowledge in an IDS community. An automatic rule propagation mechanism is proposed based on a decentralized two-level optimization problem formulation. We evaluate our rule sharing system through simulations and compare our results to existing knowledge sharing methods such as random gossiping and fixed neighbors sharing schemes.