{"title":"BIDS: Bio-Inspired, Collaborative Intrusion Detection for Software Defined Networks","authors":"Qianru Zhou, D. Pezaros","doi":"10.1109/ICC.2019.8761410","DOIUrl":null,"url":null,"abstract":"With network attacks becoming more sophisticated and unpredictable, detecting their onset and mitigating their effects in an automated manner become increasingly challenging. Lightweight and agile detection mechanisms that are able to detect zero-day attacks are in great need. High true-negative rate and low false-positive rate are the most important indicators for a intrusion detection system. In this paper, we exploit the logically-centralised view of Software-Defined Networking (SDN) to increase true-negative rate and lower false-positive rate in a intrusion detection system based on the Artificial Immune System (AIS). We propose the use of an antibody fuser in the controller to merge and fuse the mature antibody sets trained in the individual switches and turn the real intrusion records each switch has seen into antibodies. Our results show that both the false-positive rate and true-negative rate experience significant improvement with the number of local antibody sets fused grows, consuming less cpu usage overhead. 
A peak improvement can reach over 80% when antibody sets from all switches are taken into consideration.","PeriodicalId":402732,"journal":{"name":"ICC 2019 - 2019 IEEE International Conference on Communications (ICC)","volume":"181 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-07-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ICC 2019 - 2019 IEEE International Conference on Communications (ICC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICC.2019.8761410","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 4
Abstract
With network attacks becoming more sophisticated and unpredictable, detecting their onset and mitigating their effects in an automated manner becomes increasingly challenging. Lightweight and agile detection mechanisms that are able to detect zero-day attacks are in great need. High true-negative rate and low false-positive rate are the most important indicators for an intrusion detection system. In this paper, we exploit the logically-centralised view of Software-Defined Networking (SDN) to increase the true-negative rate and lower the false-positive rate in an intrusion detection system based on the Artificial Immune System (AIS). We propose the use of an antibody fuser in the controller to merge and fuse the mature antibody sets trained in the individual switches and turn the real intrusion records each switch has seen into antibodies. Our results show that both the false-positive rate and the true-negative rate improve significantly as the number of local antibody sets fused grows, while consuming less CPU usage overhead. The peak improvement can reach over 80% when antibody sets from all switches are taken into consideration.