Bayesian decision aggregation in collaborative intrusion detection networks

Carol J. Fung, Quanyan Zhu, Raouf Boutaba, Tamer Başar

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Cooperation between intrusion detection systems (IDSs) allows collective information and experience from a network of IDSs to be shared for improving the accuracy of detection. A critical component of a collaborative network is the mechanism of feedback aggregation in which each IDS makes an overall security evaluation based on peer opinions and assessments. In this paper, we propose a collaboration framework for intrusion detection networks (CIDNs) and use a Bayesian approach for feedback aggregation by minimizing the combined costs of missed detection and false alarm. The proposed model is highly scalable, robust, and cost-effective. Experimental results demonstrate an improvement in the true positive detection rate and a reduction in the average cost of our mechanism compared to existing models.

Original language: English (US)
Title of host publication: Proceedings of the 2010 IEEE/IFIP Network Operations and Management Symposium, NOMS 2010
Publisher: IEEE Computer Society
Pages: 349-356
Number of pages: 8
ISBN (Print): 9781424453672
State: Published - Jan 1 2010
Event: 12th IEEE/IFIP Network Operations and Management Symposium, NOMS 2010 - Osaka, Japan
Duration: Apr 19 2010 to Apr 23 2010

Publication series

Name: Proceedings of the 2010 IEEE/IFIP Network Operations and Management Symposium, NOMS 2010

Other

Other: 12th IEEE/IFIP Network Operations and Management Symposium, NOMS 2010
Country: Japan
City: Osaka
Period: 4/19/10 to 4/23/10

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Management Science and Operations Research

Cite this

Fung, C. J., Zhu, Q., Boutaba, R., & Başar, T. (2010). Bayesian decision aggregation in collaborative intrusion detection networks. In Proceedings of the 2010 IEEE/IFIP Network Operations and Management Symposium, NOMS 2010 (pp. 349-356). [5488489] (Proceedings of the 2010 IEEE/IFIP Network Operations and Management Symposium, NOMS 2010). IEEE Computer Society. https://doi.org/10.1109/NOMS.2010.5488489