ICWMC 2019, The Fifteenth International Conference on Wireless and Mobile Communications
Collaborative Cloud-based Application-level Intrusion Detection and Prevention
Authors:
Omar Iraqi
Meryeme Ayache
Hanan El Bakkali
Keywords: Collaborative Intrusion Detection; Application-level Intrusion Detection; Hierarchical Architecture; Alarm Correlation; Cloud Computing; Big Data.
Abstract:
Recent years have witnessed an increasing number of coordinated and large-scale attacks. This comes as no surprise, as data processing, transfer and storage have become, and continue to become, faster and cheaper. A standalone Intrusion Detection System (IDS) may only be exposed to a narrow subset of such attacks, which could be too insignificant to raise suspicion. In contrast, a Collaborative Intrusion Detection System (CIDS) leverages collaboration among its members across multiple networks and organizations. In this work, we extend our Application-level Unsupervised Outlier-based Intrusion Detection and Prevention framework by leveraging the benefits of CIDSs. More specifically, we design a collaborative intrusion detection architecture made of three levels: the organization level, the domain level and the overarching root level. This hierarchical architecture, combined with streaming and clustering, offers very good privacy, scalability, accuracy and resilience tradeoffs. Moreover, the adoption of the cloud as a cost-effective and elastic platform allows us to handle big data generated by millions of applications as alarm streams. We also specify a lightweight Application Alarm Message Exchange Format (A2MEF) to support collaboration among the different stakeholders. Finally, we design a reputation-based alarm correlation algorithm that manages the iterative and bidirectional relationship between the reputation of involved parties and the accuracy of their reported alarms.
Pages: 63 to 70
Copyright: Copyright (c) IARIA, 2019
Publication date: June 30, 2019
Published in: conference
ISSN: 2308-4219
ISBN: 978-1-61208-719-1
Location: Rome, Italy
Dates: from June 30, 2019 to July 4, 2019