Bayesian decision aggregation in collaborative intrusion detection networks

• Published in: 2010 IEEE Network Operations and Management Symposium - NOMS 2010 pp. 349 - 356
• Main Authors: Fung, Carol J, Quanyan Zhu, Boutaba, Raouf, Basar, Tamer
• Format: Conference Proceeding
• Language: English
• Published: IEEE 01.04.2010
• Subjects: Aggregates; Bayesian methods; Collaboration; Collaborative work; Computer networks; Computer worms; Costs; Feedback; Intrusion detection; Peer to peer computing
• ISBN: 9781424453665; 1424453666
• ISSN: 1542-1201
• DOI: 10.1109/NOMS.2010.5488489

Cooperation between intrusion detection systems (IDSs) allow collective information and experience from a network of IDSs to be shared for improving the accuracy of detection. A critical component of a collaborative network is the mechanism of feedback aggregation in which each IDS makes an overall security evaluation based on peer opinions and assessments. In this paper, we propose a collaboration framework for intrusion detection networks (CIDNs) and use a Bayesian approach for feedback aggregation by minimizing the combined costs of missed detection and false alarm. The proposed model is highly scalable, robust, and cost effective. Experimental results demonstrate an improvement in the true positive detection rate and a reduction in the average cost of our mechanism compared to existing models.