SMURFEN: A system framework for rule sharing collaborative intrusion detection

Carol Fung, Quanyan Zhu, Raouf Boutaba, Tamer Basar

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Intrusion Detection Systems (IDSs) are designed to monitor network traffic and computer activities in order to alert users about suspicious intrusions. Collaboration among IDSs allows users to benefit from the collective knowledge and information from their collaborators and achieve more accurate intrusion detection. However, most existing collaborative intrusion detection networks rely on the exchange of intrusion data which raises privacy concerns. To overcome this problem, we propose SMURFEN: a Rule Sharing intrusion detection network, which provides a platform for IDS users to effectively share their customized detection knowledge in an IDS community. An automatic rule propagation mechanism is proposed based on a decentralized two-level optimization problem formulation. We evaluate our rule sharing system through simulations and compare our results to existing knowledge sharing methods such as random gossiping and fixed neighbors sharing schemes.

Original languageEnglish (US)
Title of host publication2011 7th International Conference on Network and Service Management, CNSM 2011
StatePublished - Dec 1 2011
Event2011 7th International Conference on Network and Service Management, CNSM 2011 - Paris, France
Duration: Oct 24 2011Oct 28 2011

Publication series

Name2011 7th International Conference on Network and Service Management, CNSM 2011

Other

Other2011 7th International Conference on Network and Service Management, CNSM 2011
CountryFrance
CityParis
Period10/24/1110/28/11

    Fingerprint

ASJC Scopus subject areas

  • Computer Networks and Communications

Cite this

Fung, C., Zhu, Q., Boutaba, R., & Basar, T. (2011). SMURFEN: A system framework for rule sharing collaborative intrusion detection. In 2011 7th International Conference on Network and Service Management, CNSM 2011 [6104003] (2011 7th International Conference on Network and Service Management, CNSM 2011).