Distributed intrusion detection systems (IDS) are primarily deployed across the network to monitor, detect, and report anomalies, as well as to respond in real time. An IDS is typically equipped with a set of rules that it must infer in order to perform efficient detection. However, reducing the generation of false alarms is a major challenge in any IDS implementation. Additionally, the sheer number of IoT devices that generate alarms in a moderately large sensor network may be overwhelming. In order to reduce alarms, this paper contributes to the field by proposing an original framework that limits the number of generated messages without compromising detection accuracy. The primary idea is to exploit mid-level nodes called collectors, where similar alerts are collected and analyzed independently. A priority is assigned to each alert, and similar alerts are fused at their respective collectors for more informed decision making. In addition, a Kademlia-based Distributed Hash Table (DHT) is used for efficient alert transportation and distributed fusion of similar alerts. In order to minimize the false alarm rate, event correlation is used to find similarity between events fused by different detection sensors. The framework is implemented in a fog-based environment to assess and evaluate the efficiency of the proposed system in an edge network. The architecture is evaluated with the recognized DARPA 1999 dataset; the reported results show that the proposed technique reduces message generation by 62% while achieving false positive accuracy over 80%.
Mansoor Nasir, Khan Muhammad, Paolo Bellavista, Mi Young Lee, Muhammad Sajjad (2020). Prioritization and Alert Fusion in Distributed IoT Sensors Using Kademlia Based Distributed Hash Tables. IEEE ACCESS, 8, 175194-175204 [10.1109/access.2020.3017009].
Prioritization and Alert Fusion in Distributed IoT Sensors Using Kademlia Based Distributed Hash Tables
Paolo Bellavista
2020
File | Size | Format
---|---|---
09169639.pdf (open access; publisher's version (PDF); license: Open Access License, Creative Commons Attribution (CC BY)) | 7.46 MB | Adobe PDF
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.