Ghent University Academic Bibliography


Scheduling framework for distributed intrusion detection systems over heterogeneous network architectures

Jose Francisco Colom, David Gil, Higinio Mora, Bruno Volckaert UGent and Antonio Manuel Jimeno (2018) JOURNAL OF NETWORK AND COMPUTER APPLICATIONS. 108. p.76-86
abstract
The evolving trends of mobility, cloud computing and collaboration have blurred the perimeter separating corporate networks from the wider world. These new tools and business models enhance productivity and present new opportunities for competitive advantage although they also introduce new risks. Currently, security is one of the most limiting issues for technological development in fields such as Internet of Things or Cyber-physical systems. This work contributes to the cyber security research field with a design that can incorporate advanced scheduling algorithms and predictive models in a parallel and distributed way, in order to improve intrusion detection in the current scenario, where increased demand for global and wireless interconnection has weakened approaches based on protection tasks running only on specific perimeter security devices. The aim of this paper is to provide a framework to properly distribute intrusion detection system (IDS) tasks, considering security requirements and variable availability of computing resources. To accomplish this, we propose a novel approach, which promotes the integration of personal and enterprise computing resources with externally supplied cloud services, in order to handle the security requirements. For example, in a business environment, there is a set of information resources that need to be specially protected, including data handled and transmitted by small mobile devices. These devices can execute part of the IDS tasks necessary for self-protection, but other tasks could be derived to other more powerful systems. This integration must be achieved in a dynamic way: cloud resources are used only when necessary, minimizing utility computing costs and security problems posed by cloud, but preserving local resources when those are required for business processes or user experience. In addition to satisfying the main objective, the strengths and benefits of the proposed framework can be explored in future research.
This framework provides the integration of different security approaches, including well-known and recent advances in intrusion detection as well as supporting techniques that increase the resilience of the system. The proposed framework consists of: (1) a controller component, which among other functions, decides the source and target hosts for each data flow; and (2) a switching mechanism, allowing tasks to redirect data flows as established by the controller scheduler. The proposed approach has been validated through a number of experiments. First, an experimental DIDS is designed by selecting and combining a number of existing IDS solutions. Then, a prototype implementation of the proposed framework, working as a proof of concept, is built. Finally, singular tests showing the feasibility of our approach and providing a good insight into future work are performed.
type
journalArticle (original)
publication status
published
keyword
CLOUD, INTERNET, THINGS, PERFORMANCE, SECURITY, MODEL, IOT, Cyber security, Distributed intrusion detection system, Cloud computing, Internet of things
journal title
JOURNAL OF NETWORK AND COMPUTER APPLICATIONS
J. Netw. Comput. Appl.
volume
108
pages
11 pages
publisher
Academic Press Ltd- Elsevier Science Ltd
place of publication
London
Web of Science type
Article
Web of Science id
000428830500006
ISSN
1084-8045
DOI
10.1016/j.jnca.2018.02.004
language
English
UGent publication?
yes
classification
A1
id
8559965
handle
http://hdl.handle.net/1854/LU-8559965
date created
2018-04-26 08:05:07
date last changed
2018-06-04 07:27:07
@article{8559965,
  author       = {Francisco Colom, Jose and Gil, David and Mora, Higinio and Volckaert, Bruno and Manuel Jimeno, Antonio},
  issn         = {1084-8045},
  journal      = {JOURNAL OF NETWORK AND COMPUTER APPLICATIONS},
  keyword      = {CLOUD,INTERNET,THINGS,PERFORMANCE,SECURITY,MODEL,IOT,Cyber security,Distributed intrusion detection system,Cloud computing,Internet of things},
  language     = {eng},
  pages        = {76--86},
  publisher    = {Academic Press Ltd- Elsevier Science Ltd},
  title        = {Scheduling framework for distributed intrusion detection systems over heterogeneous network architectures},
  url          = {http://dx.doi.org/10.1016/j.jnca.2018.02.004},
  volume       = {108},
  year         = {2018},
}

Chicago
Francisco Colom, Jose, David Gil, Higinio Mora, Bruno Volckaert, and Antonio Manuel Jimeno. 2018. “Scheduling Framework for Distributed Intrusion Detection Systems over Heterogeneous Network Architectures.” Journal of Network and Computer Applications 108: 76–86.
APA
Francisco Colom, J., Gil, D., Mora, H., Volckaert, B., & Manuel Jimeno, A. (2018). Scheduling framework for distributed intrusion detection systems over heterogeneous network architectures. JOURNAL OF NETWORK AND COMPUTER APPLICATIONS, 108, 76–86.
Vancouver
1. Francisco Colom J, Gil D, Mora H, Volckaert B, Manuel Jimeno A. Scheduling framework for distributed intrusion detection systems over heterogeneous network architectures. JOURNAL OF NETWORK AND COMPUTER APPLICATIONS. London: Academic Press Ltd- Elsevier Science Ltd; 2018;108:76–86.
MLA
Francisco Colom, Jose, David Gil, Higinio Mora, et al. “Scheduling Framework for Distributed Intrusion Detection Systems over Heterogeneous Network Architectures.” JOURNAL OF NETWORK AND COMPUTER APPLICATIONS 108 (2018): 76–86. Print.