SMURFEN: A system framework for rule sharing collaborative intrusion detection

Carol Fung; Quanyan Zhu; Raouf Boutaba; Tamer Basar

SMURFEN: A system framework for rule sharing collaborative intrusion detection

Carol Fung, Quanyan Zhu, Raouf Boutaba, Tamer Basar

Electrical and Computer Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Intrusion Detection Systems (IDSs) are designed to monitor network traffic and computer activities in order to alert users about suspicious intrusions. Collaboration among IDSs allows users to benefit from the collective knowledge and information from their collaborators and achieve more accurate intrusion detection. However, most existing collaborative intrusion detection networks rely on the exchange of intrusion data which raises privacy concerns. To overcome this problem, we propose SMURFEN: a Rule Sharing intrusion detection network, which provides a platform for IDS users to effectively share their customized detection knowledge in an IDS community. An automatic rule propagation mechanism is proposed based on a decentralized two-level optimization problem formulation. We evaluate our rule sharing system through simulations and compare our results to existing knowledge sharing methods such as random gossiping and fixed neighbors sharing schemes.

Original language	English (US)
Title of host publication	2011 7th International Conference on Network and Service Management, CNSM 2011
State	Published - 2011
Event	2011 7th International Conference on Network and Service Management, CNSM 2011 - Paris, France Duration: Oct 24 2011 → Oct 28 2011

Publication series

Name	2011 7th International Conference on Network and Service Management, CNSM 2011

Other

Other	2011 7th International Conference on Network and Service Management, CNSM 2011
Country/Territory	France
City	Paris
Period	10/24/11 → 10/28/11

ASJC Scopus subject areas

Computer Networks and Communications

Cite this

SMURFEN: A system framework for rule sharing collaborative intrusion detection. / Fung, Carol; Zhu, Quanyan; Boutaba, Raouf et al.
2011 7th International Conference on Network and Service Management, CNSM 2011. 2011. 6104003 (2011 7th International Conference on Network and Service Management, CNSM 2011).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Fung, C, Zhu, Q, Boutaba, R & Basar, T 2011, SMURFEN: A system framework for rule sharing collaborative intrusion detection. in 2011 7th International Conference on Network and Service Management, CNSM 2011., 6104003, 2011 7th International Conference on Network and Service Management, CNSM 2011, 2011 7th International Conference on Network and Service Management, CNSM 2011, Paris, France, 10/24/11.

@inproceedings{86e4362fc51e4dae8d440773e15d5398,

title = "SMURFEN: A system framework for rule sharing collaborative intrusion detection",

abstract = "Intrusion Detection Systems (IDSs) are designed to monitor network traffic and computer activities in order to alert users about suspicious intrusions. Collaboration among IDSs allows users to benefit from the collective knowledge and information from their collaborators and achieve more accurate intrusion detection. However, most existing collaborative intrusion detection networks rely on the exchange of intrusion data which raises privacy concerns. To overcome this problem, we propose SMURFEN: a Rule Sharing intrusion detection network, which provides a platform for IDS users to effectively share their customized detection knowledge in an IDS community. An automatic rule propagation mechanism is proposed based on a decentralized two-level optimization problem formulation. We evaluate our rule sharing system through simulations and compare our results to existing knowledge sharing methods such as random gossiping and fixed neighbors sharing schemes.",

author = "Carol Fung and Quanyan Zhu and Raouf Boutaba and Tamer Basar",

year = "2011",

language = "English (US)",

isbn = "9781457715884",

series = "2011 7th International Conference on Network and Service Management, CNSM 2011",

booktitle = "2011 7th International Conference on Network and Service Management, CNSM 2011",

note = "2011 7th International Conference on Network and Service Management, CNSM 2011 ; Conference date: 24-10-2011 Through 28-10-2011",

}

TY - GEN

T1 - SMURFEN

T2 - 2011 7th International Conference on Network and Service Management, CNSM 2011

AU - Fung, Carol

AU - Zhu, Quanyan

AU - Boutaba, Raouf

AU - Basar, Tamer

PY - 2011

Y1 - 2011

N2 - Intrusion Detection Systems (IDSs) are designed to monitor network traffic and computer activities in order to alert users about suspicious intrusions. Collaboration among IDSs allows users to benefit from the collective knowledge and information from their collaborators and achieve more accurate intrusion detection. However, most existing collaborative intrusion detection networks rely on the exchange of intrusion data which raises privacy concerns. To overcome this problem, we propose SMURFEN: a Rule Sharing intrusion detection network, which provides a platform for IDS users to effectively share their customized detection knowledge in an IDS community. An automatic rule propagation mechanism is proposed based on a decentralized two-level optimization problem formulation. We evaluate our rule sharing system through simulations and compare our results to existing knowledge sharing methods such as random gossiping and fixed neighbors sharing schemes.

AB - Intrusion Detection Systems (IDSs) are designed to monitor network traffic and computer activities in order to alert users about suspicious intrusions. Collaboration among IDSs allows users to benefit from the collective knowledge and information from their collaborators and achieve more accurate intrusion detection. However, most existing collaborative intrusion detection networks rely on the exchange of intrusion data which raises privacy concerns. To overcome this problem, we propose SMURFEN: a Rule Sharing intrusion detection network, which provides a platform for IDS users to effectively share their customized detection knowledge in an IDS community. An automatic rule propagation mechanism is proposed based on a decentralized two-level optimization problem formulation. We evaluate our rule sharing system through simulations and compare our results to existing knowledge sharing methods such as random gossiping and fixed neighbors sharing schemes.

UR - http://www.scopus.com/inward/record.url?scp=84855735622&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84855735622&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:84855735622

SN - 9781457715884

T3 - 2011 7th International Conference on Network and Service Management, CNSM 2011

BT - 2011 7th International Conference on Network and Service Management, CNSM 2011

Y2 - 24 October 2011 through 28 October 2011

ER -

SMURFEN: A system framework for rule sharing collaborative intrusion detection

Abstract

Publication series

Other

ASJC Scopus subject areas

Other files and links

Fingerprint

Cite this