TY - GEN
T1 - Evaluating Intrusion Sensitivity Allocation with Support Vector Machine for Collaborative Intrusion Detection
AU - Li, Wenjuan
AU - Meng, Weizhi
AU - Kwok, Lam For
N1 - Funding Information:
Acknowledgments. This work was partially supported by National Natural Science Foundation of China (No. 61802077).
Publisher Copyright:
© Springer Nature Switzerland AG, 2019.
PY - 2019
Y1 - 2019
N2 - The aim of collaborative intrusion detection networks (CIDNs) is to provide better detection performance over a single IDS, through allowing IDS nodes to exchange data or information with each other. Nevertheless, CIDNs may be vulnerable to insider attacks, and there is a great need for deploying appropriate trust management schemes to protect CIDNs in practice. In this work, we advocate the effectiveness of intrusion sensitivity-based trust management model and describe an engineering way to automatically allocate the sensitivity values by using a support vector machine (SVM) classifier. To explore the allocation performance, we compare our classifier with several traditional supervised algorithms in the evaluation. We further investigate the performance of our enhanced trust management scheme in a real network environment under adversarial scenarios, and the experimental results indicate that our approach can be more effective in detecting insider attacks as compared with similar approaches.
KW - Collaborative intrusion detection
KW - Insider threat
KW - Intrusion sensitivity
KW - Supervised learning
KW - Trust management
UR - http://www.scopus.com/inward/record.url?scp=85076704692&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-34339-2_26
DO - 10.1007/978-3-030-34339-2_26
M3 - Conference article published in proceeding or book
AN - SCOPUS:85076704692
SN - 9783030343385
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 453
EP - 463
BT - Information Security Practice and Experience - 15th International Conference, ISPEC 2019, Proceedings
A2 - Heng, Swee-Huay
A2 - Lopez, Javier
PB - Springer
T2 - 15th International Conference on Information Security Practice and Experience, ISPEC 2019
Y2 - 26 November 2019 through 28 November 2019
ER -