Self-organized Collaboration of Distributed IDS Sensors

Bartos, Karel; Rehak, Martin; Svoboda, Michal

doi:10.1007/978-3-642-37300-8_13

Karel Bartos¹⁹,
Martin Rehak^19,20 &
Michal Svoboda²⁰

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7591))

Included in the following conference series:

International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment

1871 Accesses
1 Citations

Abstract

We present a distributed self-organized model for collaboration of multiple heterogeneous IDS sensors. The distributed model is based on a game-theoretical approach that optimizes behavior of each IDS sensor with respect to other sensors in highly dynamic environments. We propose a general formalization of the problem of distributed collaboration as a game between defenders and attackers and introduce ε-FIRE, a solution concept suitable for solving this game in highly dynamic environments.

Our experimental evaluation of the proposed collaboration model on real network traffic clearly shows improvements in the detection capabilities of all IDS sensors, allowing each system to specialize on particular network activities while not reducing the overall effectiveness. The concept of opponent aware, self-coordinating and strategically reasoning Network Intrusion Detection Networks allows effective collaboration of individual system defenders that may match a market-based collaboration structures of the attackers.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 54.99; Price excludes VAT (USA)

Softcover Book: USD 72.00; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Cisco netflow, http://www.cisco.com/warp/public/732/tech/netflow
Aumann, R.: Correlated equilibrium as an expression of Bayesian rationality. Econometrica: Journal of the Econometric Society (1987)
Google Scholar
Blum, A., Mansour, Y.: Learning, regret minimization and equilibria. In: Algorithmic Game Theory, ch. 4, pp. 79–101. Cambridge University Press (2007)
Google Scholar
Debar, H., Curry, D., Feinstein, B.: The intrusion detection message exchange format (idmef). rfc 4765 March, (4765) (2007)
Google Scholar
Elshoush, H.T., Osman, I.M.: Alert correlation in collaborative intelligent intrusion detection systems–a survey. Applied Soft Computing (2011)
Google Scholar
Hart, S.: Adaptive Heuristics. Econometrica 73(5), 1401–1430 (2005)
Article MathSciNet MATH Google Scholar
Hart, S.: Nash equilibrium and dynamics. Discussion Paper Series dp490, Center for Rationality and Interactive Decision Theory, Hebrew University, Jerusalem (2008)
Google Scholar
Hart, S., Mas-Colell, A.: A simple adaptive procedure leading to correlated equilibrium. Econometrica 68(5), 1127–1150 (2000)
Article MathSciNet MATH Google Scholar
Huynh, T.D., Jennings, N.R., Shadbolt, N.R.: Fire: An integrated trust and reputation model for open multi-agent systems. In: ECAI, pp. 18–22 (2004)
Google Scholar
Nisan, N., Roughgarden, T., Tardos, E., Vazirani, V.V.: Algorithmic Game Theory. Cambridge University Press, New York (2007)
Book MATH Google Scholar
Rehak, M., Pechoucek, M., Grill, M., Stiborek, J., Bartos, K., Celeda, P.: Adaptive multiagent system for network traffic monitoring. IEEE Intelligent Systems 24(3), 16–25 (2009)
Article Google Scholar
Shamma, J., Arslan, G.: Dynamic fictitious play, dynamic gradient play, and distributed convergence to Nash equilibria. IEEE Transactions on Automatic Control 50(3), 312–327 (2005)
Article MathSciNet Google Scholar
Sutton, R.S., Barto, A.G.: Reinforcement Learning: An Introduction. The MIT Press (March 1998)
Google Scholar
Wunder, M., Littman, M.L., Babes, M.: Classes of multiagent q-learning dynamics with epsilon-greedy exploration. In: ICML 2010, pp. 1167–1174 (2010)
Google Scholar
Zinkevich, M., Johanson, M., Bowling, M.H., Piccione, C.: Regret minimization in games with incomplete information. In: Platt, J.C., Koller, D., Singer, Y., Roweis, S.T. (eds.) NIPS. MIT Press (2007)
Google Scholar

Download references

Author information

Authors and Affiliations

Faculty of Electrical Engineering, Czech Technical University in Prague, Prague, Czech Republic
Karel Bartos & Martin Rehak
Cognitive-Security s.r.o., Prague, Czech Republic
Martin Rehak & Michal Svoboda

Authors

Karel Bartos
View author publications
You can also search for this author in PubMed Google Scholar
Martin Rehak
View author publications
You can also search for this author in PubMed Google Scholar
Michal Svoboda
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Department C, HFT Stuttgart, Schellingstr. 24, 70174, Stuttgart, Germany
Ulrich Flegel
Department of Computer Science, Foundation for Research and Technology – Hellas (FORTH), 100 Plastira Ave, Vassilika Vouton, 70013, Heraklion, Crete, Greece
Evangelos Markatos
College of Computer and Information Science, Northeastern University, 360 Huntington Ave, 02115, Boston, MA, USA
William Robertson

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Bartos, K., Rehak, M., Svoboda, M. (2013). Self-organized Collaboration of Distributed IDS Sensors. In: Flegel, U., Markatos, E., Robertson, W. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2012. Lecture Notes in Computer Science, vol 7591. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-37300-8_13

Download citation

DOI: https://doi.org/10.1007/978-3-642-37300-8_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-37299-5
Online ISBN: 978-3-642-37300-8
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics