A Distributed Sequential Algorithm for Collaborative Intrusion Detection Networks
Quanyan Zhu, Carol J. Fung, Raouf Boutaba, Tamer Basar

TL;DR
This paper introduces a distributed sequential hypothesis testing algorithm for collaborative intrusion detection networks, improving detection accuracy and cost efficiency through feedback aggregation among IDSs.
Contribution
It proposes a novel sequential hypothesis testing method for feedback aggregation in collaborative IDSs, with theoretical analysis and simulation validation.
Findings
Demonstrates improved detection accuracy over heuristic methods
Shows cost efficiency in collaborative intrusion detection
Provides analytical bounds for IDS consultation requirements
Abstract
Collaborative intrusion detection networks are often used to gain better detection accuracy and cost efficiency as compared to a single host-based intrusion detection system (IDS). Through cooperation, it is possible for a local IDS to detect new attacks that may be known to other experienced acquaintances. In this paper, we present a sequential hypothesis testing method for feedback aggregation for each individual IDS in the network. Our simulation results corroborate our theoretical results and demonstrate the properties of cost efficiency and accuracy compared to other heuristic methods. The analytical result on the lower-bound of the average number of acquaintances for consultation is essential for the design and configuration of IDSs in a collaborative environment.
Taxonomy
Topics: Network Security and Intrusion Detection · Complex Network Analysis Techniques · Internet Traffic Analysis and Secure E-voting
