Abstract
With the rapid development of the Internet and the sharp increase in network crime, network security has become very important and has received a great deal of attention. We model security issues as stochastic systems. This allows us to find weaknesses in existing security systems and to propose new solutions. Exploring the vulnerabilities of existing security tools can prevent cyber-attacks from taking advantage of those weaknesses. We propose a hybrid network security scheme consisting of intrusion detection systems (IDSs) and honeypots scattered throughout the network, which combines the advantages of the two security technologies. A honeypot is an activity-based (active) network security system, which makes it a logical supplement to the passive detection policies used by IDSs. This integration forces us to balance security performance against cost by scheduling device activities in the proposed system. By formulating the scheduling problem as a decentralized partially observable Markov decision process (DEC-POMDP), decisions are made in a distributed manner at each device without requiring centralized control. The partially observable Markov decision process (POMDP) is a useful choice for controlling stochastic systems. As a combination of two Markov models, a POMDP combines the strength of the hidden Markov model (HMM), which captures dynamics that depend on unobserved states, with that of the Markov decision process (MDP), which takes the decision aspect into account. Decision-making under uncertainty is used in many areas of business and science; here we use it for security tools. We adopt a high-quality approximate solution for finite-space POMDPs with the average cost criterion and its extension to DEC-POMDPs, and we show how this tool can be used to design a network security framework.
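As an added illustration of the POMDP view of IDS/honeypot scheduling described in the abstract (example code, not the paper's own solver), the block below runs a Bayes belief filter over a two-state hidden network model and picks each step's device activity by one-step expected cost. Every transition probability, observation probability and cost value is a constructed assumption, and the myopic policy stands in for the paper's average-cost approximation.

```python
# Added example: minimal POMDP belief update plus a one-step expected-cost
# rule for scheduling a honeypot next to an IDS. All model numbers are
# constructed for illustration and are not taken from the paper.
STATES = ("benign", "attack")          # hidden network state
ACTIONS = ("idle", "honeypot_on")      # device activity to schedule
OBS = ("quiet", "alert")               # what the IDS reports each step

# TRANSITION[s][s2]: constructed dynamics; an attack tends to persist.
TRANSITION = {"benign": {"benign": 0.95, "attack": 0.05},
              "attack": {"benign": 0.20, "attack": 0.80}}

# OBSERVATION[a][s][o]: constructed sensor model. Running the honeypot
# sharpens the observation (fewer missed attacks, fewer false alerts).
OBSERVATION = {
    "idle":        {"benign": {"quiet": 0.90, "alert": 0.10},
                    "attack": {"quiet": 0.40, "alert": 0.60}},
    "honeypot_on": {"benign": {"quiet": 0.97, "alert": 0.03},
                    "attack": {"quiet": 0.15, "alert": 0.85}},
}

# COST[a][s]: the honeypot consumes resources; an unwatched attack costs more.
COST = {"idle":        {"benign": 0.0, "attack": 10.0},
        "honeypot_on": {"benign": 1.0, "attack": 2.0}}


def update_belief(belief, action, obs):
    """Bayes filter: predict through TRANSITION, then weight each state by
    the likelihood of the IDS observation under the action that was taken."""
    predicted = {s2: sum(belief[s1] * TRANSITION[s1][s2] for s1 in STATES)
                 for s2 in STATES}
    unnorm = {s: predicted[s] * OBSERVATION[action][s][obs] for s in STATES}
    z = sum(unnorm.values())
    return {s: v / z for s, v in unnorm.items()}


def expected_cost(belief, action):
    return sum(belief[s] * COST[action][s] for s in STATES)


def choose_action(belief):
    """Myopic policy: the activity with the lowest expected cost under the
    current belief (the paper optimizes long-run average cost instead)."""
    return min(ACTIONS, key=lambda a: expected_cost(belief, a))


def run(observations, belief=None):
    """Schedule one action per step over a constructed IDS observation trace;
    returns the actions chosen and the final belief over the hidden state."""
    belief = {"benign": 0.9, "attack": 0.1} if belief is None else belief
    chosen = []
    for obs in observations:
        action = choose_action(belief)
        chosen.append(action)
        belief = update_belief(belief, action, obs)
    return chosen, belief
```

On the trace alert, alert, alert, quiet the scheduler stays idle at the first alert, switches the honeypot on once the attack belief rises, and the belief in an attack falls again after a quiet observation.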
© 2018 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
Yu, L., Brooks, R.R. (2018). Stochastic Tools for Network Intrusion Detection. In: Rao, N., Brooks, R., Wu, C. (eds) Proceedings of International Symposium on Sensor Networks, Systems and Security. ISSNSS 2017. Springer, Cham. https://doi.org/10.1007/978-3-319-75683-7_15
DOI: https://doi.org/10.1007/978-3-319-75683-7_15
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-75682-0
Online ISBN: 978-3-319-75683-7