TRUST MANAGEMENT FOR EFFECTIVE COLLABORATIVE AGENT BASED INTRUSION DETECTION NETWORKS

R. Karthik, S. Veni

Abstract


Trust management can help improve intrusion detection by adding a level of focus to anomaly detection. By identifying bounds for valid network activity, robust trust management helps an analyst distinguish attack activity from common everyday traffic on the network. Because anomaly detection is not based on pre-defined signatures, variants in the code of an exploit are less of a concern, since we are looking for abnormal activity rather than a unique signature. An example might be a Remote Procedure Call (RPC) buffer overflow exploit whose code has been modified slightly to evade a signature-based IDS. With anomaly detection, the activity would be flagged because the destination machine has never seen an RPC connection attempt and the source IP has never been seen connecting to the network.


Keywords


Intrusion detection, Anomaly detection, Trust management, Remote procedure call, Attacks.



All Rights Reserved © 2012 IJARCSEE


This work is licensed under a Creative Commons Attribution 3.0 Unported License.