Systematization of Knowledge from Intrusion Detection Models - April 2017
Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.
PI(s): Huaiyu Dai, Andy Meneely
Researchers:
Xiaofan He, Yufan Huang, Richeng Jin, Nuthan Munaiah, Kevin Campusano Gonzalez
HARD PROBLEM(S) ADDRESSED
- Security Metrics and Models - The project aims to establish common criteria for evaluating and systematizing knowledge contributed by research on intrusion detection models.
- Resilient Architectures - Robust intrusion detection models serve to make large systems more resilient to attack.
- Scalability and Composability - Intrusion detection models deal with large data sets every day, so scale is always a significant concern.
- Humans - A key aspect of intrusion detection is interpreting the output and acting upon it, which inherently involves humans. Furthermore, intrusion detection models are ultimately simulations of human behavior.
PUBLICATIONS
Report papers written as a result of this research. If accepted by or submitted to a journal, name the journal. If presented at a conference, name the conference.
- Richeng Jin, Xiaofan He, Huaiyu Dai. 2017. On the Tradeoff between Privacy and Utility in Collaborative Intrusion Detection Networks - A Game Theoretical Approach. 2017 Hot Topics in the Science of Security (HotSoS).
ACCOMPLISHMENT HIGHLIGHTS
- We have deepened our previous study on collaborative IDS configuration. We developed a multi-player game to model the resource allocation process among the IDSs. Using this game, we developed a new distributed incentive mechanism for resource allocation. Simulation results show that the performance of the proposed distributed incentive mechanism is close to the socially optimal outcome given by the VCG-auction-based scheme.
- We refined our study on the tradeoff between collaborative utility and privacy and derived more general results than before. Moreover, our new model incorporates Byzantine attacks and their influence, and we have derived the conditions under which collaborative security is resilient to Byzantine attacks.