
Towards Effective Trust-Based Packet Filtering in Collaborative Network Environments

Published: 01 March 2017

Abstract

Overhead network packets are a major challenge for intrusion detection systems (IDSs): they increase the system burden, degrade performance, and can even cause the whole system to collapse when the number of incoming packets exceeds its maximum handling capacity. To address this issue, packet filtration is considered a promising solution, and our previous research has shown that a trust-based packet filter can refine unwanted network packets and reduce the workload of a local IDS. With the development of Internet cooperation, collaborative intrusion detection environments (e.g., CIDNs) have been developed, which allow IDS nodes to collect information and learn from the experience of others. However, the previously built trust-based packet filter would not be effective in such a collaborative environment, since its trust computation can easily be compromised by insider attacks. In this paper, we adopt the existing CIDN framework and apply a collaborative trust-based approach to reduce unwanted packets. More specifically, we develop a collaborative trust-based packet filter that can be deployed in collaborative networks and is robust against typical insider attacks (e.g., betrayal attacks). Experimental results in various simulated and practical environments demonstrate that, compared with similar approaches, our filter performs effectively in reducing unwanted traffic and can defend against insider attacks by quickly identifying malicious nodes.




Published In

IEEE Transactions on Network and Service Management, Volume 14, Issue 1, March 2017, 244 pages

Publisher

IEEE Press


      Qualifiers

      • Research-article


      Cited By

• (2024) DEMO: Towards A Novel Ultrasonic Side-channel Attack on Mobile Devices. Proceedings of the ACM SIGCOMM 2024 Conference: Posters and Demos, pp. 101-103, doi:10.1145/3672202.3673730. Online publication date: 4 Aug 2024.
• (2024) Detecting Post Editing of Multimedia Images using Transfer Learning and Fine Tuning. ACM Transactions on Multimedia Computing, Communications, and Applications, vol. 20, no. 6, pp. 1-22, doi:10.1145/3633284. Online publication date: 8 Mar 2024.
• (2024) Zero Trust Architecture for 6G Security. IEEE Network: The Magazine of Global Internetworking, vol. 38, no. 4, pp. 224-232, doi:10.1109/MNET.2023.3326356. Online publication date: 1 Jul 2024.
• (2023) Securing 5G Positioning via Zero Trust Architecture. Artificial Intelligence Security and Privacy, pp. 563-578, doi:10.1007/978-981-99-9785-5_39. Online publication date: 3 Dec 2023.
• (2022) Security, Trust, and Privacy in Machine Learning-Based Internet of Things. Security and Communication Networks, vol. 2022, doi:10.1155/2022/9851463. Online publication date: 1 Jan 2022.
• (2022) EnergyCIDN: Enhanced Energy-Aware Challenge-Based Collaborative Intrusion Detection in Internet of Things. Algorithms and Architectures for Parallel Processing, pp. 293-312, doi:10.1007/978-3-031-22677-9_16. Online publication date: 10 Oct 2022.
• (2021) Threat Hunting Using Elastic Stack: An Evaluation. 2021 IEEE International Conference on Service Operations and Logistics, and Informatics (SOLI), pp. 1-6, doi:10.1109/SOLI54607.2021.9672347. Online publication date: 11 Dec 2021.
• (2021) Toward a blockchain-based framework for challenge-based collaborative intrusion detection. International Journal of Information Security, vol. 20, no. 2, pp. 127-139, doi:10.1007/s10207-020-00488-6. Online publication date: 1 Apr 2021.
• (2021) Enhancing Blackslist-Based Packet Filtration Using Blockchain in Wireless Sensor Networks. Wireless Algorithms, Systems, and Applications, pp. 624-635, doi:10.1007/978-3-030-86130-8_49. Online publication date: 25 Jun 2021.
• (2021) Mind the Amplification: Cracking Content Delivery Networks via DDoS Attacks. Wireless Algorithms, Systems, and Applications, pp. 186-197, doi:10.1007/978-3-030-86130-8_15. Online publication date: 25 Jun 2021.
