THE DEVELOPMENT OF ACQUAINTANCE MANAGEMENT ALGORITHM BASED ON RISK COST ANALYSIS IN COLLABORATIVE INTRUSION DETECTION NETWORK

The number and scale of intrusions and attacks on the internet are increasing. To detect and monitor attacks, anomaly detection methods have been developed in the form of detection and classification algorithms in IDS (Intrusion Detection Systems). To resolve the limitation of resource and...

Bibliographic Details
Main Author: Purwanto, Yudha
Format: Dissertations
Language: Indonesia
Online Access: https://digilib.itb.ac.id/gdl/view/37195
Institution: Institut Teknologi Bandung
ID: id-itb.:37195
Timestamp: 2019-03-19T14:08:13Z
Keywords: IDS, CIDN, intrusion, classification, risk cost.
Building: Institut Teknologi Bandung Library
Continent: Asia
Country: Indonesia
Content provider: Institut Teknologi Bandung
Collection: Digital ITB
Description: The number and scale of intrusions and attacks on the internet are increasing. To detect and monitor attacks, anomaly detection methods have been developed in the form of detection and classification algorithms in IDS (Intrusion Detection Systems). To address the limited resources and knowledge of a single IDS, recent research has proposed collaboration among IDSs in a CIDN (Collaborative Intrusion Detection Network). In a CIDN, an IDS shares information and benefits from the expertise of other IDSs to increase its accuracy. The selection and management of collaborators plays an important role in the resulting output. In a recent CIDN acquaintance management proposal, the use of risk cost analysis to measure the trustworthiness of other IDSs proved effective in selecting acquaintances and increasing CIDN accuracy. However, that risk-cost analysis, which is based on detection output, cannot estimate the risk accurately in multi-botnet DDoS attack scenarios, because in such scenarios the predicted attack traffic consists of more than one type of predicted attack. The analysis therefore cannot estimate all possible consequences, since the attack may be misclassified. Moreover, the recent acquaintance management algorithm uses greedy-based selection, which has high complexity. In the worst case, these problems have several impacts. First, the selected acquaintance list is less effective, which may degrade the accuracy of the CIDN output. Second, the less effective acquaintance list consumes more resources. Finally, the difficulty of defining the algorithm parameters leads to higher selection time and lower CIDN performance.

This research develops acquaintance management based on a risk-cost analysis. The analysis evaluates the IDS output using a decision tree that considers all possible consequences of risk cost and damage loss. The decision tree considers all possible consequences of damage loss due to wrong prediction of the attack type, since a wrong prediction results in a wrong response action and ends in a damage-loss condition. The risk cost analysis is applied in the acquaintance management algorithm using a sorting method to reduce computational complexity. We develop the CIDN model using a recent high-accuracy detection algorithm, which predicts the type of traffic based on triangle area Mahalanobis distance. Collaboration is implemented by sending a consultation request when the distance falls in a sigma-based uncertainty area. The research output is a risk cost estimation formula implemented in a sorting-based acquaintance management algorithm.

With our risk-cost analysis, an IDS can estimate the trustworthiness of another IDS more accurately. The simulation results show that our risk cost formula estimates the risk cost more accurately in multi-botnet DDoS attack scenarios. By applying the risk cost formula in the acquaintance management algorithm, an IDS can select a more effective CIDN acquaintance list, as shown by decreased selection time, lower overall risk cost and higher IDS value. Thus, implementing the collaboration function in an IDS can increase classification accuracy by 2,1% on average. Our acquaintance management algorithm also produces an acquaintance list with on average 2,6% higher classification accuracy than one produced by the comparison algorithm, using the KDD Cup 99 dataset.