Scheduling framework for distributed intrusion detection systems over heterogeneous network architectures
Por favor, use este identificador para citar o enlazar este ítem:
http://hdl.handle.net/10045/74237
Título: | Scheduling framework for distributed intrusion detection systems over heterogeneous network architectures |
---|---|
Autor/es: | Colom López, José Francisco | Gil, David | Mora, Higinio | Volckaert, Bruno | Jimeno-Morenilla, Antonio |
Grupo/s de investigación o GITE: | Ingeniería Bioinspirada e Informática para la Salud | Lucentia | Informática Industrial y Redes de Computadores | UniCAD: Grupo de Investigación en CAD/CAM/CAE de la Universidad de Alicante |
Centro, Departamento o Servicio: | Universidad de Alicante. Departamento de Tecnología Informática y Computación |
Palabras clave: | Cyber security | Distributed intrusion detection system | Cloud computing | Internet of things |
Área/s de conocimiento: | Arquitectura y Tecnología de Computadores |
Fecha de publicación: | 15-abr-2018 |
Editor: | Elsevier |
Cita bibliográfica: | Journal of Network and Computer Applications. 2018, 108: 76-86. doi:10.1016/j.jnca.2018.02.004 |
Resumen: | The evolving trends of mobility, cloud computing and collaboration have blurred the perimeter separating corporate networks from the wider world. These new tools and business models enhance productivity and present new opportunities for competitive advantage although they also introduce new risks. Currently, security is one of the most limiting issues for technological development in fields such as Internet of Things or Cyber-physical systems. This work contributes to the cyber security research field with a design that can incorporate advanced scheduling algorithms and predictive models in a parallel and distributed way, in order to improve intrusion detection in the current scenario, where increased demand for global and wireless interconnection has weakened approaches based on protection tasks running only on specific perimeter security devices. The aim of this paper is to provide a framework to properly distribute intrusion detection system (IDS) tasks, considering security requirements and variable availability of computing resources. To accomplish this, we propose a novel approach, which promotes the integration of personal and enterprise computing resources with externally supplied cloud services, in order to handle the security requirements. For example, in a business environment, there is a set information resources that need to be specially protected, including data handled and transmitted by small mobile devices. These devices can execute part of the IDS tasks necessary for self-protection, but other tasks could be derived to other more powerful systems. This integration must be achieved in a dynamic way: cloud resources are used only when necessary, minimizing utility computing costs and security problems posed by cloud, but preserving local resources when those are required for business processes or user experience. In addition to satisfying the main objective, the strengths and benefits of the proposed framework can be explored in future research. This framework provides the integration of different security approaches, including well-known and recent advances in intrusion detection as well as supporting techniques that increase the resilience of the system. The proposed framework consists of: (1) a controller component, which among other functions, decides the source and target hosts for each data flow; and (2) a switching mechanism, allowing tasks to redirect data flows as established by the controller scheduler. The proposed approach has been validated through a number of experiments. First, an experimental DIDS is designed by selecting and combining a number of existing IDS solutions. Then, a prototype implementation of the proposed framework, working as a proof of concept, is built. Finally, singular tests showing the feasibility of our approach and providing a good insight into future work are performed. |
Patrocinador/es: | This work has been partially funded by the Spanish Ministry of Economy and Competitiveness (MINECO/FEDER) under the granted Projects SEQUOIA-UA TIN2015-63502-C3-3-R and Cloud-Driver4Industry TIN2017-89266-R, by the University of Alicante, within the program of support for research, under project GRE14-10, and by the Conselleria de Educación, Investigación, Cultura y Deporte, Comunidad Valenciana, Spain, within the programs of support for research, under projects GV/2016/087 and AICO/2017/134. |
URI: | http://hdl.handle.net/10045/74237 |
ISSN: | 1084-8045 (Print) | 1095-8592 (Online) |
DOI: | 10.1016/j.jnca.2018.02.004 |
Idioma: | eng |
Tipo: | info:eu-repo/semantics/article |
Derechos: | © 2018 Elsevier Ltd. |
Revisión científica: | si |
Versión del editor: | http://dx.doi.org/10.1016/j.jnca.2018.02.004 |
Aparece en las colecciones: | INV - I2RC - Artículos de Revistas INV - UNICAD - Artículos de Revistas INV - LUCENTIA - Artículos de Revistas INV - IBIS - Artículos de Revistas INV - AIA - Artículos de Revistas |
Archivos en este ítem:
Archivo | Descripción | Tamaño | Formato | |
---|---|---|---|---|
2018_Colom_etal_JNetworkCompAppl_final.pdf | Versión final (acceso restringido) | 2,46 MB | Adobe PDF | Abrir Solicitar una copia |
2018_Colom_etal_JNetworkCompAppl_accepted.pdf | Accepted Manuscript (acceso abierto) | 1,92 MB | Adobe PDF | Abrir Vista previa |
Todos los documentos en RUA están protegidos por derechos de autor. Algunos derechos reservados.