A fog-based privacy-preserving approach for distributed signature-based intrusion detection

Yu Wang; Weizhi Meng; Wenjuan Li; Jin Li; Wai Xi Liu; Yang Xiang

doi:10.1016/j.jpdc.2018.07.013

A fog-based privacy-preserving approach for distributed signature-based intrusion detection

Yu Wang, Weizhi Meng, Wenjuan Li, Jin Li, Wai Xi Liu, Yang Xiang

Research output: Journal article publication › Journal article › Academic research › peer-review

69 Citations (Scopus)

Abstract

Intrusion detection systems (IDSs) are the frontier of defense against transmissible cyber threats that spread across distributed systems. Modern IDSs overcome the limitation of hardware processing power by offloading computation extensive operations such as signature matching to the cloud. Moreover, in order to prevent the rapid spread of transmissible cyber threats, collaborative intrusion detection schemes are widely deployed to allow distributed IDS nodes to exchange information with each other. However, no party wants to disclose their own data during the detection process, especially sensitive user data to others, even the cloud providers for privacy concerns. In this background, privacy-preserving technology has been researched in the field of intrusion detection, whereas a collaborative intrusion detection network (CIDN) environment still lacks of appropriate solutions due to its geographical distribution. With the advent of fog computing, in this paper, we propose a privacy-preserving framework for signature-based intrusion detection in a distributed network based on fog devices. The results in both simulated and real environments demonstrate that our proposed framework can help reserve the privacy of shared data, reduce the workload on the cloud side, and offer less detection delay as compared to similar approaches.

Original language	English
Pages (from-to)	26-35
Number of pages	10
Journal	Journal of Parallel and Distributed Computing
Volume	122
DOIs	https://doi.org/10.1016/j.jpdc.2018.07.013
Publication status	Published - Dec 2018
Externally published	Yes

Keywords

Cloud environment
Collaborate network
Fog computing
Intrusion detection
Privacy preserving

ASJC Scopus subject areas

Software
Theoretical Computer Science
Hardware and Architecture
Computer Networks and Communications
Artificial Intelligence

More information

10.1016/j.jpdc.2018.07.013

Cite this

@article{addc2201423b4a1e95e918519234682a,

title = "A fog-based privacy-preserving approach for distributed signature-based intrusion detection",

abstract = "Intrusion detection systems (IDSs) are the frontier of defense against transmissible cyber threats that spread across distributed systems. Modern IDSs overcome the limitation of hardware processing power by offloading computation extensive operations such as signature matching to the cloud. Moreover, in order to prevent the rapid spread of transmissible cyber threats, collaborative intrusion detection schemes are widely deployed to allow distributed IDS nodes to exchange information with each other. However, no party wants to disclose their own data during the detection process, especially sensitive user data to others, even the cloud providers for privacy concerns. In this background, privacy-preserving technology has been researched in the field of intrusion detection, whereas a collaborative intrusion detection network (CIDN) environment still lacks of appropriate solutions due to its geographical distribution. With the advent of fog computing, in this paper, we propose a privacy-preserving framework for signature-based intrusion detection in a distributed network based on fog devices. The results in both simulated and real environments demonstrate that our proposed framework can help reserve the privacy of shared data, reduce the workload on the cloud side, and offer less detection delay as compared to similar approaches.",

keywords = "Cloud environment, Collaborate network, Fog computing, Intrusion detection, Privacy preserving",

author = "Yu Wang and Weizhi Meng and Wenjuan Li and Jin Li and Liu, {Wai Xi} and Yang Xiang",

note = "Funding Information: I would like to thank R. L. Cifelli, N. J Czaplewski, L. Vitt, G. Schnell, and C. Harper for helpful comments and discussion on this project. M. Caldwell, D. Winkler, and an anonymous reviewer provided useful comments on an earlier manuscript, which substantially improved this work. S. Madsen prepared the type specimen and C. McCallister prepared Figure 1. My gratitude also goes to all the personnel at KU, UALVP, and UMMZ for their assistance during my use of their collections. Financial support was provided by the American Federation of Mineralogical Societies, Dinamation International Society (Ying Chang Scholarship) Sigma Xi, the Graduate Student Sen- ate of the University of Oklahoma, the Department of Zoology of the University of Oklahoma as well as by National Geo-graphic Society Grants 4762-91 and 5021-92 and National Science Foundation grant DEB 9401094 to R. L. Cifelli. Publisher Copyright: {\textcopyright} 2018 Elsevier Inc.",

year = "2018",

month = dec,

doi = "10.1016/j.jpdc.2018.07.013",

language = "English",

volume = "122",

pages = "26--35",

journal = "Journal of Parallel and Distributed Computing",

issn = "0743-7315",

publisher = "Academic Press Inc.",

}

TY - JOUR

T1 - A fog-based privacy-preserving approach for distributed signature-based intrusion detection

AU - Wang, Yu

AU - Meng, Weizhi

AU - Li, Wenjuan

AU - Li, Jin

AU - Liu, Wai Xi

AU - Xiang, Yang

N1 - Funding Information: I would like to thank R. L. Cifelli, N. J Czaplewski, L. Vitt, G. Schnell, and C. Harper for helpful comments and discussion on this project. M. Caldwell, D. Winkler, and an anonymous reviewer provided useful comments on an earlier manuscript, which substantially improved this work. S. Madsen prepared the type specimen and C. McCallister prepared Figure 1. My gratitude also goes to all the personnel at KU, UALVP, and UMMZ for their assistance during my use of their collections. Financial support was provided by the American Federation of Mineralogical Societies, Dinamation International Society (Ying Chang Scholarship) Sigma Xi, the Graduate Student Sen- ate of the University of Oklahoma, the Department of Zoology of the University of Oklahoma as well as by National Geo-graphic Society Grants 4762-91 and 5021-92 and National Science Foundation grant DEB 9401094 to R. L. Cifelli. Publisher Copyright: © 2018 Elsevier Inc.

PY - 2018/12

Y1 - 2018/12

N2 - Intrusion detection systems (IDSs) are the frontier of defense against transmissible cyber threats that spread across distributed systems. Modern IDSs overcome the limitation of hardware processing power by offloading computation extensive operations such as signature matching to the cloud. Moreover, in order to prevent the rapid spread of transmissible cyber threats, collaborative intrusion detection schemes are widely deployed to allow distributed IDS nodes to exchange information with each other. However, no party wants to disclose their own data during the detection process, especially sensitive user data to others, even the cloud providers for privacy concerns. In this background, privacy-preserving technology has been researched in the field of intrusion detection, whereas a collaborative intrusion detection network (CIDN) environment still lacks of appropriate solutions due to its geographical distribution. With the advent of fog computing, in this paper, we propose a privacy-preserving framework for signature-based intrusion detection in a distributed network based on fog devices. The results in both simulated and real environments demonstrate that our proposed framework can help reserve the privacy of shared data, reduce the workload on the cloud side, and offer less detection delay as compared to similar approaches.

AB - Intrusion detection systems (IDSs) are the frontier of defense against transmissible cyber threats that spread across distributed systems. Modern IDSs overcome the limitation of hardware processing power by offloading computation extensive operations such as signature matching to the cloud. Moreover, in order to prevent the rapid spread of transmissible cyber threats, collaborative intrusion detection schemes are widely deployed to allow distributed IDS nodes to exchange information with each other. However, no party wants to disclose their own data during the detection process, especially sensitive user data to others, even the cloud providers for privacy concerns. In this background, privacy-preserving technology has been researched in the field of intrusion detection, whereas a collaborative intrusion detection network (CIDN) environment still lacks of appropriate solutions due to its geographical distribution. With the advent of fog computing, in this paper, we propose a privacy-preserving framework for signature-based intrusion detection in a distributed network based on fog devices. The results in both simulated and real environments demonstrate that our proposed framework can help reserve the privacy of shared data, reduce the workload on the cloud side, and offer less detection delay as compared to similar approaches.

KW - Cloud environment

KW - Collaborate network

KW - Fog computing

KW - Intrusion detection

KW - Privacy preserving

UR - http://www.scopus.com/inward/record.url?scp=85050884878&partnerID=8YFLogxK

U2 - 10.1016/j.jpdc.2018.07.013

DO - 10.1016/j.jpdc.2018.07.013

M3 - Journal article

AN - SCOPUS:85050884878

SN - 0743-7315

VL - 122

SP - 26

EP - 35

JO - Journal of Parallel and Distributed Computing

JF - Journal of Parallel and Distributed Computing

ER -

A fog-based privacy-preserving approach for distributed signature-based intrusion detection

Abstract

Keywords

ASJC Scopus subject areas

More information

Other files and links

Fingerprint

Cite this