Scheduling framework for distributed intrusion detection systems over heterogeneous network architectures
Please use this identifier to cite or link to this item:
http://hdl.handle.net/10045/74237
Title: | Scheduling framework for distributed intrusion detection systems over heterogeneous network architectures |
---|---|
Authors: | Colom López, José Francisco | Gil, David | Mora, Higinio | Volckaert, Bruno | Jimeno-Morenilla, Antonio |
Research Group/s: | Ingeniería Bioinspirada e Informática para la Salud | Lucentia | Informática Industrial y Redes de Computadores | UniCAD: Grupo de Investigación en CAD/CAM/CAE de la Universidad de Alicante |
Center, Department or Service: | Universidad de Alicante. Departamento de Tecnología Informática y Computación |
Keywords: | Cyber security | Distributed intrusion detection system | Cloud computing | Internet of things |
Knowledge Area: | Arquitectura y Tecnología de Computadores |
Issue Date: | 15-Apr-2018 |
Publisher: | Elsevier |
Citation: | Journal of Network and Computer Applications. 2018, 108: 76-86. doi:10.1016/j.jnca.2018.02.004 |
Abstract: | The evolving trends of mobility, cloud computing and collaboration have blurred the perimeter separating corporate networks from the wider world. These new tools and business models enhance productivity and present new opportunities for competitive advantage although they also introduce new risks. Currently, security is one of the most limiting issues for technological development in fields such as Internet of Things or Cyber-physical systems. This work contributes to the cyber security research field with a design that can incorporate advanced scheduling algorithms and predictive models in a parallel and distributed way, in order to improve intrusion detection in the current scenario, where increased demand for global and wireless interconnection has weakened approaches based on protection tasks running only on specific perimeter security devices. The aim of this paper is to provide a framework to properly distribute intrusion detection system (IDS) tasks, considering security requirements and variable availability of computing resources. To accomplish this, we propose a novel approach, which promotes the integration of personal and enterprise computing resources with externally supplied cloud services, in order to handle the security requirements. For example, in a business environment, there is a set information resources that need to be specially protected, including data handled and transmitted by small mobile devices. These devices can execute part of the IDS tasks necessary for self-protection, but other tasks could be derived to other more powerful systems. This integration must be achieved in a dynamic way: cloud resources are used only when necessary, minimizing utility computing costs and security problems posed by cloud, but preserving local resources when those are required for business processes or user experience. In addition to satisfying the main objective, the strengths and benefits of the proposed framework can be explored in future research. This framework provides the integration of different security approaches, including well-known and recent advances in intrusion detection as well as supporting techniques that increase the resilience of the system. The proposed framework consists of: (1) a controller component, which among other functions, decides the source and target hosts for each data flow; and (2) a switching mechanism, allowing tasks to redirect data flows as established by the controller scheduler. The proposed approach has been validated through a number of experiments. First, an experimental DIDS is designed by selecting and combining a number of existing IDS solutions. Then, a prototype implementation of the proposed framework, working as a proof of concept, is built. Finally, singular tests showing the feasibility of our approach and providing a good insight into future work are performed. |
Sponsor: | This work has been partially funded by the Spanish Ministry of Economy and Competitiveness (MINECO/FEDER) under the granted Projects SEQUOIA-UA TIN2015-63502-C3-3-R and Cloud-Driver4Industry TIN2017-89266-R, by the University of Alicante, within the program of support for research, under project GRE14-10, and by the Conselleria de Educación, Investigación, Cultura y Deporte, Comunidad Valenciana, Spain, within the programs of support for research, under projects GV/2016/087 and AICO/2017/134. |
URI: | http://hdl.handle.net/10045/74237 |
ISSN: | 1084-8045 (Print) | 1095-8592 (Online) |
DOI: | 10.1016/j.jnca.2018.02.004 |
Language: | eng |
Type: | info:eu-repo/semantics/article |
Rights: | © 2018 Elsevier Ltd. |
Peer Review: | si |
Publisher version: | http://dx.doi.org/10.1016/j.jnca.2018.02.004 |
Appears in Collections: | INV - I2RC - Artículos de Revistas INV - UNICAD - Artículos de Revistas INV - LUCENTIA - Artículos de Revistas INV - IBIS - Artículos de Revistas INV - AIA - Artículos de Revistas |
Files in This Item:
File | Description | Size | Format | |
---|---|---|---|---|
2018_Colom_etal_JNetworkCompAppl_final.pdf | Versión final (acceso restringido) | 2,46 MB | Adobe PDF | Open Request a copy |
2018_Colom_etal_JNetworkCompAppl_accepted.pdf | Accepted Manuscript (acceso abierto) | 1,92 MB | Adobe PDF | Open Preview |
Items in RUA are protected by copyright, with all rights reserved, unless otherwise indicated.