LIU Tong,WANG Ze-bing,FENG Yan

DOI: https://doi.org/10.3969/j.issn.1007-130x.2005.08.004

2005-01-01

Abstract:As the distributed intrusion becomes serious, the performance demand for distributed intrusion detection systems will be more and more important. In this paper, the concept of the Super-Peer intrusion detection model (SPIDM) is proposed. Furthermore, the technology of intelligent agent is implemented in this model. As a result, this efficient combination of distributed intrusion detection systems with the super-peer framework increases the system efficiency and collaboration, enhances the system openness, and thus improves the system performance as a whole.

Chen Guanlin,Feng Yan,Wang Zebing

DOI: https://doi.org/10.3969/j.issn.1000-0801.2010.10.014

2010-01-01

Abstract:Nowadays wireless intrusion prevention systems have become the research hotspot with the fast development of WLAN.In this paper,we first introduce the common attack methods for WLAN,and then present the framework of the wireless IPS with a distributed pre-decision engine,which can predict the future actions and direct active responses to these actions.We implement an improved model with extended detection rules for conducting intrusion plan and making pre-decision,by gathering wireless device information and importing supporting degree of intrusion plan in plan recognition.Experimental results showed that the distributed pre-decision engine can not only improve wireless intrusion detection and prevention performance,also reduce false negatives and false positives evidently.

Yong-mei GAO,Ji-yi WU,Ling-di PING

DOI: https://doi.org/10.3969/j.issn.1673-629X.2009.08.039

2009-01-01

Abstract:Owing to many new characteristics such as central-less control and multi-hop communication,the security situation is more rigorous than that in the traditional Ad hoc network.Especially,when the number of nodes increase,the difficulty of building network,network availability and network security will be influenced badly.After the particular analysis of Sergio Marti's Watchdog and Pathrater arithmetic,intrusion detection system called SuperWatchdog,as the improved solution,was introduced to overcome the weakness of Watchdog.The main feature of the proposed system is its ability to discover malicious nodes which can partition the network by falsely reporting other nodes as misbehaving and then proceeds to protect the network.Simulation results show that our system decrease the overhead greatly,though it does not increase the throughput obviously.

Yingjie Xia,Guanghua Song,Yao Zheng

DOI: https://doi.org/10.4304/jcp.3.10.3-11

2008-01-01

Journal of Computers

Abstract:In order to implement both the efficiency and security in the Peer-to-Peer (P2P)network, we design a trusted small world overlay P2P network with the role based and reputation based access control policies, denoted as SW-R2P.TheSW-R2P system integrates the small world topology with zero knowledge identification and Bayesian trust model. The zero knowledge identification is utilized to securely cluster all the peers into several groups without transferring any related information. The peer groups are then linked together to construct a trusted small world network based on the probabilities calculated by the Bayesian trust model. The simulation experiments demonstrate that the SW-R2P system achieves the performance with increased success rate in the resources lookup, strengthened robustness under the overwhelming traffic loadings, reduced reputation errors caused by the malicious peers and enhanced peer satisfaction rate for different trust metrics. In conclusion, the SW-R2P system collectively exploits the advantages of small world, zero knowledge identification and Bayesian trust model, therefore implementing a scalable, secure and efficient P2P network.

Da-Wen Huang,Fengji Luo,Jichao Bi,Mingyang Sun

DOI: https://doi.org/10.1109/tifs.2022.3191491

IF: 7.231

2022-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Deploying Intrusion Detection Systems (IDSs) is an essential way to enhance the security of Multi-hop Clustered Wireless Sensor Networks (MCWSNs). The conventional IDS deployment architectural designs show limitations in ensuring the security of MCWSNs due to the limited monitoring range of the nodes. This paper proposes an efficient IDS deployment architecture for MCWSNs. The architecture is a hybrid design, in which the cluster heads and the sink collaboratively act as IDS agents to monitor the entire network and perform intrusion detection. Based on the new architecture, this paper proposes a resource allocation model to optimally allocate resources among the IDS agents so that the network’s security metric can be maximized. A comprehensive analytical framework is proposed to analyze the optimality of the model’s solution, and an efficient computational approach is developed to obtain the optimal resource allocation strategy. Extensive numerical simulation and comparison studies are conducted to validate the proposed method.

Chang-Ting Lin,Chunming Wu,Min Huang,Zhenyu Wen,Qiumei Cheng

DOI: https://doi.org/10.1109/SRDSW.2016.21

2016-01-01

Abstract:IP address mutation is a proactive defense method that is used to reduce the risk of network attacks, especially to deal with the worm propagation attacks. However, previous work did not give much consideration to the negative effects that IP address mutation could bring to network performance. To be specific, there is a trade-off between network performance and security, which implies that when a security mechanism is reinforced, network performance would be impaired and vice versa. Therefore, in order to achieve the optimal balance between performance and security, an optimal solution should be provided. In this paper, we propose an adaptive IP mutation defense method which is based on temporal-dimension, to dynamically control the mutation interval according to real-time measurable metrics, assurance and avoidance. This method leverages a genetic algorithm to achieve the optimization of performance-security trade-off. We then evaluate our method in a simulated computer cluster environment, including 1024 hosts, and demonstrate that our method can successfully find the optimal solution according to the experimental results. For example, it can reduce the worm propagation significantly, while maintaining the network performance in a predefined level.

Yunhao Liu,Xiaomei Liu,Chen Wang,Li Xiao

DOI: https://doi.org/10.1109/icpp.2007.31

2007-01-01

Abstract:A flooding-based search mechanism is often used in unstructured P2P systems. Although a flooding-based search mechanism is simple and easy to implement, it is vulnerable to overlay distributed denial-of-service (DDoS) attacks. Most previous security techniques protect networks from network-layer DDoS attacks, but cannot be applied to overlay DDoS attacks. Overlay flooding-based DDoS attacks can be more damaging in that a small number of messages are inherently propagated to consume a large amount of bandwidth and computation resources. We propose a distributed and scalable method, DD-POLICE, to detect malicious nodes in order to defend P2P systems from overlay flooding-based DDoS attacks. We show the effectiveness of DD-POLICE by comprehensive simulation studies. We believe that deploying DD-POLICE will make P2P systems more scalable and robust.

Lixiang Li,Jürgen Kurths,Yixian Yang,Guole Liu

DOI: https://doi.org/10.1155/2014/189213

IF: 1.43

2014-01-01

Mathematical Problems in Engineering

Abstract:In recent years, the complex network as the frontier of complex system has received more and more attention. Peer-to-peer (P2P) networks with openness, anonymity, and dynamic nature are vulnerable and are easily attacked by peers with malicious behaviors. Building trusted relationships among peers in a large-scale distributed P2P system is a fundamental and challenging research topic. Based on interpersonal relationships among peers of large-scale P2P networks, we present prevention and trust evaluation scheme, called IRTrust. The framework incorporates a strategy of identity authentication and a global trust of peers to improve the ability of resisting the malicious behaviors. It uses the quality of service (QoS), quality of recommendation (QoR), and comprehensive risk factor to evaluate the trustworthiness of a peer, which is applicable for large-scale unstructured P2P networks. The proposed IRTrust can defend against several kinds of malicious attacks, such as simple malicious attacks, collusive attacks, strategic attacks, and sybil attacks. Our simulation results show that the proposed scheme provides greater accuracy and stronger resistance compared with existing global trust schemes. The proposed scheme has potential application in secure P2P network coding.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Ruey-Maw Chen,Kuo-Ta Hsieh

DOI: https://doi.org/10.1002/dac.1289

2011-06-01

International Journal of Communication Systems

Abstract:Dependence on the Internet is increasing dramatically. Therefore, many researchers have given great attention to the issue of how to tighten Internet security. This study proposes a new scheme for the distributed intrusion prevention system (DIPS), in which the concept of ‘union’ is presented for satisfying the increasing requirements of Internet security issues. In this proposed design, the network intrusion detection system (NIDS) applies a misuse detection technique to detect well‐known intrusion behavior on the Internet. Meanwhile, for anomaly detection technique, a tool named ‘Scent’ (a network traffic sniffer) is combined with conditional legitimate probability to reveal previously undiscovered intrusion packets that do not match the intrusion signatures in NIDS. Moreover, blocking distributed denial‐of‐service (DDoS) attacks inside the protected allied network is also covered. To increase the detection accuracy, reduction of false positives and false negatives is also accomplished. Experimental results reveal that the suggested network security system scheme is effective and efficient in resolving the intrusion activity problem of real network environments. Copyright © 2011 John Wiley & Sons, Ltd. In this work, a new system scheme of the allied distributed intrusion prevention system was implemented to meet the increasing Internet security issues. A network intrusion detection system (NIDS) applies misuse detection technique to detect well‐known intrusion behaviors on the Internet. Meanwhile, for anomaly detection technique, a designed tool named ‘Scent’ (a network traffic sniffer) is combined with conditional legitimate probability to find out new intrusion packets that do not match the intrusion signatures in NIDS. Moreover, blocking distributed denial‐of‐service attacks inside the protected allied network is also designed. To increase the detection accuracy, reducing false positive and false negative are also accomplished.

telecommunications,engineering, electrical & electronic

Yan Chen,Aaron Beach,Jason Skicewicz

2004-01-01

Abstract:Traffic anomalies and distributed attacks are commonplace in today’s networks. Single point detection is often insufficient to determine the causes, patterns and prevalence of such events. Most existing distributed intrusion detection systems (DIDS) rely on centralized fusion, or distributed fusion with unscalable communication mechanisms. In this paper, we propose to build a distributed IDS based on the emerging decentralized location and routing infrastructure: distributed hash table (DHT). We embed the intrusion symptoms into the DHT dimensions so that alarms related to the same intrusion (thus with similar symptoms) will be routed to the same sensor fusion center (SFC) while evenly distributing unrelated alarms to different SFCs. This is achieved through careful routing key design based on: 1) analysis of essential characteristics of three common types of intrusions: DoS attacks, port scanning and virus/worm infection; and 2) distribution and stability analysis of the popular port numbers and those of the popular source IP addresses in scans. We further propose load-aware node bootstrapping to distribute the alarms more evenly across the fusion centers. Evaluation based on one month of DShield firewall logs (600 million scan records) collected from over 2200 Worldwide providers show that the resulting system, termed Cyber Disease DHT (CDDHT), can effectively fuse related alarms while distributing unrelated ones evenly among the SFCs. Open questions on querying and attack-resilience of CDDHT are also discussed.

Yan Zhang,Wei Wang,Shunying Lü

DOI: https://doi.org/10.1007/978-3-540-72584-8_84

2007-01-01

Abstract:Though research on the overlay network has progressed at a steady pace, its promise has yet to be realized. One major difficulty is that, by its very nature, the overlay networks is a large, uncensored system to which anyone may contribute. This raises the question of how much dependability to give each information source. Traditional overlay network simulators provide accurate low-level models of the network hardware and protocols, but none of them deal with the issue of trust and reliability in the large scale overlay networks. We tackle this problem by employing a trust overlay simulator, which offer a viable solution to simulate trustworthy behavior in overlay networks. With this simulator, we can examine varies kinds of trust and reputation mechanisms in a large scale overlay environment.

R Janakiraman,M Waldvogel,Q Zhang

DOI: https://doi.org/10.1109/enabl.2003.1231412

2003-01-01

Abstract:While the spread of the Internet has made the network ubiquitous, it has also rendered networked systems vulnerable to malicious attacks orchestrated from anywhere. These attacks or intrusions typically start with attackers infiltrating a network through a vulnerable host and then launching further attacks on the local network or Intranet. Attackers rely on increasingly sophisticated techniques like using distributed attack sources and obfuscating their network addresses. On the other hand, software that guards against them remains rooted in traditional centralized techniques, presenting an easily-targeted single point of failure. Scalable, distributed network intrusion prevention techniques are sorely needed.We propose Indra-a distributed scheme based on sharing information between trusted peers in a network to guard the network as a whole against intrusion attempts. We present initial ideas for running Indra over a peer-to-peer infrastructure to distribute up-to-date rumors, facts, and trust information in a scalable manner.

Li Xiao,Yunhao Liu

2004-01-01

Abstract:Current and future Internet and distributed systems rely on both centralized client-server model and decentralized peer-to-peer (P2P) model. P2P model is an emerging technology aiming to effectively utilize and manage increasingly large and globally distributed information and computing resources, complementing the available client-server services. In order to truly adopt the P2P model for deploying large-scale Internet applications, and timely merge this model as an indispensable component in the main stream of distributed computing technology, we must address several major technical challenges including the efficiency of overlay networks, cost-effective P2P information search, and privacy and security protection of peers. This dissertation focuses on addressing two critical issues. The first issue is topology mismatch problem between P2P overlay networks and the underlying physical networks in unstructured P2P systems. Addressing topology mismatch problem can fundamentally improve overall search performance of P2P systems. We demonstrate the seriousness of the topology mismatch problem, and define an optimal overlay problem that is proved to be a NP-hard problem. We then develop several effective schemes and algorithms to alleviate the topology mismatch problem. Our proposed algorithms are completely distributed, scalable and effective. Simulation studies show that the total traffic and response time of the queries can be significantly reduced by these schemes without shrinking the search scope. The second issue is overlay distributed denial-of-service (DDoS) attack in P2P systems. Most previous security techniques protect networks from network-layer DDoS attacks, but cannot be applied to overlay DDoS attacks. We propose a distributed and scalable method, DD-POLICE, to detect malicious nodes in order to defend P2P systems from overlay flooding-based DDoS attacks. We show the effectiveness of DD-POLICE by simulation studies and implementation on Gnutella 0.6 protocols. We believe that widely employing these proposed approaches will make P2P systems more scalable and robust.

Yingjie Xia,Guanghua Song,Yao Zheng,Jun Ni,Mingzhe Zhu

DOI: https://doi.org/10.1109/ICICSE.2008.7

2008-01-01

Abstract:This paper introduces a small world overlay Peer- to-peer (P2P) transfer system with role based and reputation based access control policies, through which we are able to solve several serious problems existed in traditional P2P systems, like resource piracy, user privacy and network jam. The role based access control policy is implemented by the certificate based cryptography, e.g. X509. The reputation based access control policy consists of artificial scoring and automatic scoring components, corresponding to the quality and quantity evaluation of the transfer resources respectively. This system, upon the two policies and the adaptive small world overlay P2P topology, can restrict the peer's role and select a more credible peer to upload and download without any loss of performance, for the reason of the dramatic topology. Indeed it provides a secure, controllable and efficient resource transfer community.

HAN Fu-ye,CHEN Zhen,LIANG Yong,LI Jun

DOI: https://doi.org/10.3969/j.issn.1671-1122.2012.04.003

2012-01-01

Abstract:Internet security problem is still not well addressed as there are many network security event occurs,such as sending huge volumes of spam or launching Distributed Denial-of-Service(DDoS) attacks to victim targets.These attacks are launched by attackers who controlled a well-organized distributed network consists of a larger volume of hosts called bots.It is difficult to suppress such a distributed,widely,and automotive organized botnet without collaborative effort among the well deployed network security appliances(e.g.Unified Threat Management,i.e.UTM) in Internet.In this paper,we propose a practical Collaborative Internet Security System based on Overlay Network.We design a Peer-to-Peer communication protocol,a collaborative module,and retrofit security functions for UTM to virtually interconnect these UTMs to build a Security Overlay Network.In this Security Overlay Network,each UTM can communicate with each other to exchange security rules,events and signatures,and the huge size of signatures and security rules file can be disseminated easily,also ensure the security rules version in UTM will be consistency.Our design leverages existing technology to fully construct a comprehensive Collaborative Internet Security System for practical use.In the real deployment of our Security Overlay Network,several concrete applications,experiments and demos are also conducted and the results are also presented.

Xiao-ning KANG,Dong-xing JIANG,Cheng ZHANG,Qi-xin LIU,Lin ZHOU,Hai-yan WU

DOI: https://doi.org/10.3969/j.issn.1000-1220.2005.11.014

2005-01-01

Abstract:Network security is getting more important as the Internet evolves.Attacks like DoS,DDoS have become major attack methods on gigabit networks,not to mention the worms have used up network bandwidth.Traditional IDSes could not handle massive network data efficiently or block detected attacks in time.Focusing on those problems,this paper designed a distributed intrusion detection and blocking system which can run on high-speed networks efficiently,which is also known as IPS(Intrusion Prevention System).

Mo Zhou,Yafei Dai,Xiaoming Li

DOI: https://doi.org/10.1155/2007/27958

2007-01-01

Abstract:The architecture of P2P file-sharing applications has been developing to meet the needs of large scale demands. The structured overlay network, also known as DHT, has been used in these applications to improve the scalability, and robustness of the system, and to make it free from single-point failure. We believe that the measurement study of the overlay network used in the real filesharing P2P systems can provide guidance for the designing of such systems, and improve the performance of the system. In this paper, we perform the measurement in two different aspects. First, a modified client is designed to provide view to the overlay network from a single-user vision. Second, the instances of crawler programs deployed in many nodes managed to crawl the user information of the overlay network as much as possible. We also find a vulnerability in the overlay network, combined with the character of the DNS service, a more serious DDoS attack can be launched.

Yunhao Liu,Jinsong Han

DOI: https://doi.org/10.14711/thesis-b987542

2007-01-01

Abstract:Peer-to-Peer (P2P) model has become the mainstream of the applications in current and future Internet. Being effective in utilizing and managing globally distributed information over Internet, however, most current P2P systems do not provide protection to their users against the increasing threat from selfish peers or malicious adversaries. Anonymous and trustworthy computing hereby has continuously gained importance because it meets the users’ demands of privacy, fairness, trust, and reliability. In order to construct anonymous and trustworthy P2P systems, we must address several crucial challenges including (1) reliably and efficiently anonymizing the P2P network; (2) authenticating users’ identities; (3) enabling trust management in anonymous environments. Most existing approaches achieve anonymity via fixed paths, which are unreliable and inefficient in dynamic P2P systems. We propose two non-path based protocols to anonymize P2P systems. The results of trace driven simulations show that our proposed protocols are reliable, scalable and effective, and significantly reduce cryptographic overhead. The second issue is that the current authentication approaches face a dilemma in anonymous environments: authenticating other users needs their real identities; while the anonymity requires those users to hide their real identities. We propose a Zero-knowledge based protocol to allow users authenticate with each other without exposing their real identities. We show the effectiveness of our proposed protocol by simulation studies and prototype implementation. We solve the third issue by constructing a reputation based trust management architecture. We particularly focus on the feedback quality problem. In shorting of trusted authority centers in P2P systems, the feedback quality are easily wrecked by the dishonest feedback from malicious peers, which further degrades the computation accuracy of users’ reputation. Our proposed architecture effectively alleviates the damage on computing reputation caused by the feedback cheating. We believe that widely employing above proposed approaches will make P2P systems more secure and reliable. We also extend our study to other distributed systems and propose a privacy-preserving authentication protocol for RFID systems. Keywords: Peer-to-Peer, Anonymity, Privacy-Preserving, Authentication, Key Updating, Secret Sharing, Random Walk, Selected Flooding, Trustworthy Computing, Feedback Quality, Trust Management, Trace Driven Simulation, Zero-Knowledge Proof, Man-in-middle-attack

Wu Liu,HaiXin Duan,Hong Zhang,Jianping Wu

2008-01-01

Abstract:The trust mechanism was introduced to dynamically evaluate user's behavior in P2P network, and bind user's reputation with its access control privilege in the network. In addition, the trust based dynamic access control mechanism and key algorithm was proposed and implemented. With the trust based network security management system implemented based on the trust mechanism, a malicious user will be kicked out from the network system and refused from accessing resources of the network automatically when the user's reputation is lower than some threshold.

Dong Yongle,Qian Jun,Shi Meilin

DOI: https://doi.org/10.1109/CCECE.2003.1226031

2003-01-01

Abstract:Widespread attacks involving multiple hosts/networks happen more frequently as internetworking among computer systems via the Internet becomes more widely and keeps rapid increase. Due to lack of information, it can be quite difficult for conventional intrusion detection systems to identify such attacks in progress. Cooperative intrusion detection, on the basis of information sharing, is proved as a necessary measure to detect widespread attacks by other researcher D. Frincke (2000), Polla, D. et al., (1998). This paper presents a cooperative approach for intrusion detection that provides a method for individual ID components working cooperatively to perform concerted detections. Being constructed on the basis of ID components, CoIDS can adopt both existed (usually more mature) and new ID techniques. This makes CoIDS extensible and scalable. In addition, an ID component is essentially an autonomous agent, which makes CoIDS available with certain loss of functionality even when the intrusion detection manager does not work. Its reliability is also improved because failure of one ID component will not cause any other to stop working. Furthermore, it improved the accuracy of detection for conventional intrusions by validating analysis result with data from different ID components.