Evaluating Intrusion Sensitivity Allocation with Support Vector Machine for Collaborative Intrusion Detection

Wenjuan Li, Weizhi Meng, Lam For Kwok

Research output: Chapter in Book/Report/Conference proceeding › Article in proceedings › Research › peer-review

Abstract

The aim of collaborative intrusion detection networks (CIDNs) is to provide better detection performance over a single IDS, through allowing IDS nodes to exchange data or information with each other. Nevertheless, CIDNs may be vulnerable to insider attacks, and there is a great need for deploying appropriate trust management schemes to protect CIDNs in practice. In this work, we advocate the effectiveness of intrusion sensitivity-based trust management model and describe an engineering way to automatically allocate the sensitivity values by using a support vector machine (SVM) classifier. To explore the allocation performance, we compare our classifier with several traditional supervised algorithms in the evaluation. We further investigate the performance of our enhanced trust management scheme in a real network environment under adversarial scenarios, and the experimental results indicate that our approach can be more effective in detecting insider attacks as compared with similar approaches.
Original language: English
Title of host publication: Information Security Practice and Experience
Publisher: Springer
Publication date: 2019
Pages: 453-63
ISBN (Print): 978-3-030-34338-5
DOIs: https://doi.org/10.1007/978-3-030-34339-2_26
Publication status: Published - 2019
Event: 15th International Conference on Information Security Practice and Experience - Beijing, China
Duration: 21 Nov 2019 - 23 Nov 2019

Conference

Conference: 15th International Conference on Information Security Practice and Experience
Country: China
City: Beijing
Period: 21/11/2019 - 23/11/2019
Series: Lecture Notes in Computer Science
Volume: 11879
ISSN: 0302-9743

Cite this

Li, W., Meng, W., & Kwok, L. F. (2019). Evaluating Intrusion Sensitivity Allocation with Support Vector Machine for Collaborative Intrusion Detection. In Information Security Practice and Experience (pp. 453-63). Springer. Lecture Notes in Computer Science, Vol. 11879. https://doi.org/10.1007/978-3-030-34339-2_26