LIU Tong,WANG Ze-bing,FENG Yan

DOI: https://doi.org/10.3969/j.issn.1007-130x.2005.08.004

2005-01-01

Abstract:As the distributed intrusion becomes serious, the performance demand for distributed intrusion detection systems will be more and more important. In this paper, the concept of the Super-Peer intrusion detection model (SPIDM) is proposed. Furthermore, the technology of intelligent agent is implemented in this model. As a result, this efficient combination of distributed intrusion detection systems with the super-peer framework increases the system efficiency and collaboration, enhances the system openness, and thus improves the system performance as a whole.

Pei-You Zhu,Ji Gao,Bo-Ou Jiang,Hui Song

DOI: https://doi.org/10.1109/ICMLC.2006.258807

2006-01-01

Abstract:Grid is a new technology which implements flexible, secure, coordinated resource sharing among dynamic collections of individuals, institutions, and resources. Unlike in conventional network systems, the services and resources in Grid are heterogeneous and dynamic, they also belong to different domains. So the intrusion detection system (IDS) for Grid should be a system which could rapidly and dynamically integrate the related node detection resources of a Grid Computing application according to the dynamic detection demand and ensure the security of Grid Computing. Conventional network IDS lack the necessary flexibility needed by Grid environment and could not dynamically adjust their structure to the dynamic Grid Computing applications. This paper provides a new flexible multi-agent approach to intrusion detection for Grid (MAIDG). MAIDG not only takes advantage of the flexibility and autonomy of agent technology, but also makes good use of the Globus Toolkit4.0 (GT4)'s data management components which provide the virtual interfaces for all the (heterogeneous or homogeneous) detection resources and realize the publication, location, and high performance transfer of detection data. In a word, this paper provides a new ideal and way to realize the intrusion detection system for Grid.

张宝军,潘雪增,王界兵,平玲娣

DOI: https://doi.org/10.3785/j.issn.1008-973X.2009.06.004

2009-01-01

Abstract:Real-time intrusion detection under current network environment exists the following problems: first, the scale of network is large, and a great deal of information needs to be processed, which requires large throughput to the intrusion detection system (IDS); second, the network environment is complex, and the data type is multiplex, accordantly, the intrusion detection system should has high accuracy. Aiming at these problems, a model of intrusion detection system was proposed. The model uses the distributed architecture based on multi-agent system and shows good expansibility, and can self-adjust according to the scale and bandwidth of network. The model uses technologies of anomaly intrusion detection and misuse intrusion detection together, and has low false alert rate and miss alert rate. Multi-attribute data abstraction is used in the model to grasp the feature of intrusion accurately and provide strong support for intrusion identification. The classifier is constructed with radial basis function (RBF) so as to have good extension to unknown intrusions, and can do effective judgment to unknown intrusions. Experimental results show that the system has large throughput and high accuracy, thus it is suitable for current network and has good practicability.

Guofu Feng,Xiaoshe Dong,Weizhe Liu,Ying Chu,Junyang Li

DOI: https://doi.org/10.1109/apscc.2006.60

2006-01-01

Abstract:Detecting intrusions at host level is vital to protecting shared resources in grid, but traditional Host-based Intrusion Detecting System (HIDS) is not suitable for grid environment. Grid-specific attacks are different from traditional ones, and traditional HIDS can not recognize a grid user and always with high performance overhead. This paper proposes a Grid-specific Host-based Intrusion Detection System (GHIDS) which employs bottleneck verification approach to detect intrusions with low false alarm rate and high detection rate. Working within operating system kernel and performing bottleneck verification by integer comparison, GHIDS achieves high efficiency and accuracy. Security reports generated by GHIDS are indexed not only by local user ID, but also by Grid user ID. That is more useful for analyzing grid user behaviors globally by both host administrators and high level Grid-based IDS.

Da-Wen Huang,Fengji Luo,Jichao Bi,Mingyang Sun

DOI: https://doi.org/10.1109/tifs.2022.3191491

IF: 7.231

2022-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Deploying Intrusion Detection Systems (IDSs) is an essential way to enhance the security of Multi-hop Clustered Wireless Sensor Networks (MCWSNs). The conventional IDS deployment architectural designs show limitations in ensuring the security of MCWSNs due to the limited monitoring range of the nodes. This paper proposes an efficient IDS deployment architecture for MCWSNs. The architecture is a hybrid design, in which the cluster heads and the sink collaboratively act as IDS agents to monitor the entire network and perform intrusion detection. Based on the new architecture, this paper proposes a resource allocation model to optimally allocate resources among the IDS agents so that the network’s security metric can be maximized. A comprehensive analytical framework is proposed to analyze the optimality of the model’s solution, and an efficient computational approach is developed to obtain the optimal resource allocation strategy. Extensive numerical simulation and comparison studies are conducted to validate the proposed method.

Jun Gao,Weiming Hu,Xiaoqin Zhang,Xi Li

DOI: https://doi.org/10.1109/wi-iat.2009.113

2009-01-01

Web Intelligence

Abstract:Due to the increasing demands for network security, distributed intrusion detection has become a hot research topic in computer science. However, the design and maintenance of the intrusion detection system (IDS) is still a challenging task due to its dynamic, scalability, and privacy properties. In this paper, we propose a distributed IDS framework which consists of the individual and global models. Specifically, the individual model for the local unit derives from Gaussian Mixture Model based on online Adaboost algorithm, while the global model is constructed through the PSO-SVM fusion algorithm. Experimental results demonstrate that our approach can achieve a good detection performance while being trained online and consuming little traffic to communicate between local units.

WEIJIE LIU,YONGJUN ZHU,WOOJU KIM,HAKJIN KIM,P. SURESH KUMAR,Dimitrios Damopoulos,Georgios Kambourakis,Marios Anagnostopoulos,Yuan Tian,Biao Song,Eui-nam Huh,Wei Tang,Doan Man Nguyen,Jun Young Park,Sang Ho Na,Tian yiμan,Eui-Nam Huh,Bofeng Zhang,Jianxing Zheng,Jianhua Ma,Yinsheng Li,Guobing Zou,Jongik Kim,Eunseok Lee,Yun Won Chung,Byoungwook Kim,HeonChang Yu,EunYoung Lee,Rize Jin,Tae-Sun Chung,Tien Dung,Eui Nam,NGUYEN DOAN MAN,JUN-YOUNG PARK,NA SANG-HO,TIAN YUAN

2012-01-01

Abstract:Intrusion Detection Systems (lDSs), nowadays, critically becomes an important security component in the novel commercial computing models to detect malicious behaviors timely and protect either network infrastructure or individual hosts from the serious damage of attacks. For Cloud Computing, various application scenarios and complexity at a higher level make the traditional IDS approaches difficult to find out the actual threats from the novel multi-step attacks, which stem from the new vulnerabilities of Cloud environments. Therefore, information about novel attack scenarios is an urgent requirement to operate IDSs built in Cloud Computing more efficiently and accurately. This paper focuses on developing a data mining-based approach to construct new attack scenarios from the sequences of low-level alerts gathered from multiple traditional IDSs. In addition, an Attack Signature Exchange (ASE) model between Interconnect Clouds in a Collaborative Cloud Computing environment which is considered as a prior knowledge exchange is also presented. Key-words: Intrusion Detection System, Cloud Computing, Attack scenario, Attack Signature, Collaborative Cloud

Wei-Fa Liao,Hung-Min Sun,Wei Wu

DOI: https://doi.org/10.1109/dasc-picom-datacom-cyberscitec.2016.159

2016-01-01

Abstract:In recent years, Cloud computing has become increasingly popular. Many companies have replaced traditional hosting to cloud hosting. Cloud providers are responsible for tenant isolation, if a tenant (virtual machine) is infected, other tenants will be affected. Because the virtual network environment is very complex, the traditional intrusion detection systems can only detect attacks from external networks, but can not effectively detect the internal traffic (virtual network). In order to full defend from a threat, we need to redesign the architecture of the intrusion detection system. In this thesis, we propose a flexible distributed architecture for intrusion detection, and uses software-defined networking technology for defensive purposes. In addition, our system collects alerts from different nodes, and analyzes their correlation to generate security rules to achieve the effect of a joint defense. To make the administrator more effective in management purposes, we also provide a web-based management center to reduce the burden on administrators. Finally, we analyze the performance of the proposed system with an original system. The results show that our system adds slightly overhead, and it can effectively block the malicious flow.

Wang Xingzhi,Yan Zheng,Li Li

DOI: https://doi.org/10.1016/j.compeleceng.2009.12.010

IF: 4.152

2010-01-01

Computers & Electrical Engineering

Abstract:5This paper addresses the problem of parallel dynamic security assessment applications from static homogeneous cluster environment to dynamic heterogeneous grid environment. Functional parallelism and data parallelism are supported by each of the message passing interface model and TCP/IP model. To consider the differences in heterogeneous computing resources and complexity of large-scale power system communities, a kernel-based multilevel algorithm is proposed for network partitioning. Since the bottleneck in distributed computation is low speed network communication, a bi-level latency exploitation technique is introduced for numerically solving system differential equations. The proposed grid-based implementation includes the core simulation engine, grid computing middleware, a Python interface and Python front-end utilities. Tests for a 39-bus network, a 4000-bus network and a 10,000-bus network are reported, and the results of these experiments demonstrate that the proposed scheme is able to execute the distributed simulations on computational grid infrastructure and provide efficient parallelism. (C) 2010 Elsevier Ltd. All rights reserved.

Yan-guo Wang,Xi Li,Weiming Hu

DOI: https://doi.org/10.1109/icsmc.2008.4811596

2008-01-01

Abstract:With the increasing requirements of fast response and privacy protection, how to detect network intrusions in a distributed architecture becomes a hot research area in the development of modern information security systems. However, it is a challenge to build such a system, given the difficulties brought by the mixed-attribute property of network connection data and the constraints on network communication. In this paper, we present a framework for distributed detection of network intrusions based on a parametric model. The parametric model can explicitly reflect the distributions of different intrusion types and handle the mixed-attribute data naturally. Based on the model, we can generate an accurate global intrusion detector with a very low cost of communication among the distributed detection sites, and no sharing of original network data is needed. Experimental results demonstrate the advantages of the proposed framework in the distributed intrusion detection application.

Xj Gu,Sx Yang

2005-01-01

Abstract:For modem complex industrial machines, due to the variable nature of faults and model uncertainty, no single approach can diagnose all faults and meet different contradictory criteria. To overcome these shortfalls and exploit advantages of different approaches, an integration of different methods or hybrid schemes are highly recommended. With the latest development in Internet and Intranet technologies, especially with the development of the Grid computing, it is now possible to provide different algorithms as individual services and combine these services dynamically to generate a 'virtual organization' for fault diagnostic purposes. Therefore, the main idea of this paper is to build an integrated fault diagnosis system on the computational grid structure and the preliminary implementation of this integration for the complex electromechanical equipments fault diagnosis is discussed.

Zhang Xiaosong,Chen Ting,Ma Yue,Li Hua

DOI: https://doi.org/10.1109/ICFIN.2009.5339561

2009-01-01

Abstract:This paper proposes a model of intrusion detection based on peer-to-peer (p2p) mechanism. The crux of our research is that quantitatively analyze the response rate of the global intrusion detection system (IDS). The principal approaches are modeling, deduction and numerical simulation. Theoretical proof and experiments demonstrate that our model is reliable and robust. Based on this model, we draw the following conclusions. First, this model is insensitive to network scale so it is adaptable to large-scale network. Second, response rate depends mostly on peer's degree. Third, our model does not care about how many peers are aware of intrusion in the beginning. In a word, with proper parameters our model can achieve an extremely rapid response rate.

X Jin,YX Zhang,YY Wei

2004-01-01

Abstract:Intrusion Detection Systems (IDSs) for Mobile Ad hoc NETworks (MANETs) is becoming an exciting and important technology in very recent years, because the intrusion prevention techniques can not satisfy the security requirements in mission critical systems. Most existing IDSs for MANETs are focusing on the security vigor of the design but losing sight of the network performance aspect. In this paper we propose a cluster-based intrusion detection system for MANETs, which can rectify its detection level dynamically adapting to both the run-time resource constraints and the threat level of the network. Compared with the scheme that each node runs its own IDS, our proposed scheme is more efficient while maintaining the same level of detection rate. While compared with the common cluster-based IDS scheme, this scheme is more flexible when facing the emergent situations. Thus, our scheme effectively balances security strength and network performance in practice.

Yichi Zhang,Lingfeng Wang,Weiqing Sun,Robert C. Green,Mansoor Alam

DOI: https://doi.org/10.1109/tsg.2011.2159818

IF: 10.275

2011-01-01

IEEE Transactions on Smart Grid

Abstract:The advent of the smart grid promises to usher in an era that will bring intelligence, efficiency, and optimality to the power grid. Most of these changes will occur as an Internet-like communications network is superimposed on top of the current power grid using wireless mesh network technologies with the 802.15.4, 802.11, and WiMAX standards. Each of these will expose the power grid to cybersecurity threats. In order to address this issue, this work proposes a distributed intrusion detection system for smart grids (SGDIDS) by developing and deploying an intelligent module, the analyzing module (AM), in multiple layers of the smart grid. Multiple AMs will be embedded at each level of the smart grid-the home area networks (HANs), neighborhood area networks (NANs), and wide area networks (WANs)-where they will use the support vector machine (SVM) and artificial immune system (AIS) to detect and classify malicious data and possible cyberattacks. AMs at each level are trained using data that is relevant to their level and will also be able to communicate in order to improve detection. Simulation results demonstrate that this is a promising methodology for supporting the optimal communication routing and improving system security through the identification of malicious network traffic.

Huiqi Zhao,Gaoyuan Liu,Huayi Sun,Guangyuan Zhong,Shanchen Pang,Sibo Qiao,Zhihan Lv

DOI: https://doi.org/10.1007/s12652-023-04538-4

IF: 3.662

2023-01-01

Journal of Ambient Intelligence and Humanized Computing

Abstract:As a highly automated power transmission network, the smart grid can monitor each user and grid node and connect different devices to improve the function of conventional power network significantly, but this heterogeneous network also brings greater security risks, attackers can use vulnerabilities existing in smart grids. Intrusion Detection System (IDS) constitutes an important means to protect critical information from being leaked. in a smart grid environment. In this paper, we proposed an AMI intrusion detection model for smart grid, which is widely distributed in the three-layer architecture of the grid system through particle swarm algorithm combined with random forest method. To improve the model’s accuracy, this paper adopts the dynamic weight formula and various adaptive mutation methods to optimize the iterative process of the algorithm. Besides, we use parallel strategy to make up for the lack of precision in the mutation of the algorithm. The AM-PPSO algorithm proposed in this paper performs well in the CEC2017 benchmark function test, effectively ensuring the improvement of the RF classifier. Finally, we use NPL-KDD, UNSW-UB15, and X-IIoTID standard intrusion detection datasets to simulate, results show that our model achieves 97–99

Yichi Zhang,Lingfeng Wang,Weiqing Sun,Robert C. Green,Mansoor Alam

DOI: https://doi.org/10.1109/PES.2011.6039697

2011-01-01

Abstract:The advent of the smart grid promises to usher in an era that will bring intelligence, efficiency, and optimality to the power grid. Most of these changes will occur as an Internet-like communications network is superimposed on top of the current power grid using wireless technologies including 802.15.4, 802.11, and the Zigbee protocol. Each of these will expose the power grid to cyber security threats. In order to address this issue, this work proposes a Distributed Intrusion Detection System for Smart Grids (SGDIDS) by developing and deploying an intelligent module, the Analyzing Module (AM) in the multiple layers of smart grids. Multiple AMs will be embedded at each level of the smart grid - the home area network (HAN), neighborhood area network (NAN), and the Wide Area Network (WAN) - where they will use Artificial Immune System (AIS) to detect and classify malicious data and possible cyber attacks. AMs at each level will be trained using data that is relevant to their level and will also be able to communicate in order to improve detection. Simulation results demonstrate that this is a promising methodology for identifying malicious network traffic and improving system security.

Peng Ning,Sushil Jajodia,Xiaoyang Sean Wang

DOI: https://doi.org/10.1145/503339.503342

2001-01-01

ACM Transactions on Information and System Security

Abstract:Abstraction is an important issue in intrusion detection, since it not only hides the difference between heterogeneous systems, but also allows generic intrusion-detection models. However, abstraction is an error-prone process and is not well supported in current intrusion-detection systems (IDSs). This article presents a hierarchical model to support attack specification and event abstraction in distributed intrusion detection. The model involves three concepts: system view , signature , and view definition . A system view provides an abstract interface of a particular type of information; defined on the instances of system views, a signature specifies certain distributed attacks or events to be monitored; a view definition is then used to derive information from the matches of a signature and presents it through a system view. With the three elements, the model provides a hierarchical framework for maintaining signatures, system views, as well as event abstraction. As a benefit, the model allows generic signatures that can accommodate unknown variants of known attacks. Moreover, abstraction represented by a system view can be updated without changing either its specification or the signatures specified on its basis. This article then presents a decentralized method for autonomous but cooperative component systems to detect distributed attacks specified by signatures. Specifically, a signature is decomposed into finer units, called detection tasks , each of which represents the activity to be monitored on a component system. The component systems (involved in a signature) then perform the detection tasks cooperatively according to the "dependency" relationships among these tasks. An experimental system called CARDS has been implemented to test the feasibility of the proposed approach.

WU Jun,WANG Chong-Jun,WANG Jun,CHEN Shi-Fu

DOI: https://doi.org/10.1109/WI-IATW.2006.61

2006-01-01

Abstract:At present, distributed intrusion detection systems are taking on more and more characteristic of distributing and intelligence. Multi-agent system (MAS), which shows its intelligence by the interaction of a group of intelligent agents, is a popular tool for building novel intrusion detection systems (IDSs). The BDI (belief-desire-intention) model is a well studied architecture of agency for intelligent agents situated in complex and dynamic environments. Traditional MAS-based distributed IDSs commonly do their detection work within a framework that employs the method of distributed data collection and hierarchical data analysis. This is a simple and strict method, but it restricts the characteristic of distributing, intelligence and real-time response badly. In this paper, we present a dynamically-created hierarchical framework, and then bring forward the basic algorithm system to support it. We introduce the opponent BDI model to our agents, and realize the detection based on multi-agent cooperation, which effectively improves the traditional distributed intrusion detection

Jh Yang,Zh Wu,Sl Tang,Xs Guo

DOI: https://doi.org/10.1007/978-3-540-30207-0_21

2004-01-01

Abstract:HLA-based distributed simulation has no mechanisms for managing execution according to the dynamically changing conditions of computing resources and no implementation with dynamical discovery. Grid Computing is designed to coordinate resources that are not subject to centralized control. We present the design of a system supporting execution of HLA-based Parallel and Distributed Simulation (PADS) on the Grid Computing Environment. Firstly, we focus on the architecture of Distributed Interactive Simulation on the Grid (DISG). The architecture definition consists of descriptions of functionality of new tools and Grid Services and indicates where interfaces should be described. We present a model of Virtual Battlefield Attack-Defense Countermeasure Simulation (VBADCS) on the Grid. This model describes how to plug HLA/RTI simulations into the Grid Services framework. Finally, we give an experimental instance of DISG to validate the feasibility and examine the performance of the key techniques of DISG.

ZHANG Ran,HE Jing-sha

2005-01-01

Abstract:Based on the analysis of the limitation of traditional intrusion detection systems, the concept of dynamic adaptive IDS is proposed, and a model of dynamic adaptive intrusion detection and response is estab-lished. By dynamic association among its elements and adaptive policies, this model provides dynamic adaptability to the changing environment and attacks with its dynamically configurable architecture, functions, and management. In addition, the concept of coordination domain is proposed in order to facilitate the management of coordinative detection.