Funding: Supported by the National Natural Science Foundation of China (Nos. 51977113, 62293500, 62293501 and 62293505).
Abstract: Malicious attacks against data are unavoidable in the interconnected, open and shared Energy Internet (EI). Intrusion tolerant techniques are critical to the data security of EI. Existing intrusion tolerant techniques suffered from problems such as low adaptability, policy lag, and difficulty in determining the degree of tolerance. To address these issues, we propose a novel adaptive intrusion tolerance model based on game theory that enjoys two-fold ideas: (1) it constructs an improved replica of the intrusion tolerance model of the dynamic equation evolution game to induce incentive weights; and (2) it combines a tournament competition model with incentive weights to obtain optimal strategies for each stage of the game process. Extensive experiments are conducted in the IEEE 39-bus system, whose results demonstrate the feasibility of the incentive weights, confirm the proposed strategy strengthens the system’s ability to tolerate aggression, and improves the dynamic adaptability and response efficiency of the aggression-tolerant system in the case of limited resources.
Abstract: To solve the problem that current intrusion detection models need large-scale data to formulate the model in real-time use, an intrusion detection system model based on grey theory (GTIDS) is presented. Grey theory has the merits of fewer requirements on original data scale, less limitation of the distribution pattern and a simpler algorithm in modeling. With these merits, GTIDS constructs a model according to a partial time sequence for rapid detection of intrusive acts in a secure system. In this detection model, the rates of false drop and false retrieval are effectively reduced through twice modeling and repeated detection on target data. Furthermore, the GTIDS framework and the specific process of the modeling algorithm are presented. The effectiveness of GTIDS is proved through emulated experiments comparing Snort and the next-generation intrusion detection expert system (NIDES) in SRI International.
Funding: Supported by the National Natural Science Foundation of China (No. 60774029).
Abstract: In this paper, we propose a novel Intrusion Detection System (IDS) architecture utilizing both the evidence theory and Rough Set Theory (RST). Evidence theory is an effective tool in dealing with uncertainty questions. It relies on expert knowledge to provide evidence and needs the evidence to be independent, and this makes it difficult in application. To solve this problem, a hybrid system of rough sets and evidence theory is proposed. Firstly, simplifications are made based on Variable Precision Rough Set (VPRS) conditional entropy. Thus, the Basic Belief Assignment (BBA) for all evidence can be calculated. Secondly, Dempster’s rule of combination is used, and a decision is given. In the proposed approach, the difficulties in acquiring the BBAs are solved, the correlativity among the evidence is reduced and the subjectivity of the evidence is weakened. An illustrative example in intrusion detection shows that the combination of the two theories is feasible and effective.
Abstract: Application of data fusion techniques in intrusion detection is the trend of the next-generation Intrusion Detection System (IDS). In network security, adopting a security early warning technique is feasible to effectively defend against attacks and attackers. To do this, correlative information provided by the IDS must be gathered and the current intrusion characteristics and situation must be analyzed and estimated. This paper applies D-S evidence theory to a distributed intrusion detection system for fusing information from detection centers, making clear the intrusion situation, and improving the early warning capability and detection efficiency of the IDS accordingly.
Funding: Sponsored by the National Social Science Fund (Grant No. 13CFX049), the Shanghai University Young Teacher Training Program (Grant No. hdzf10008), and the Research Fund for East China University of Political Science and Law (Grant No. 11H2K034).
Abstract: In this paper, we propose two intrusion detection methods which combine rough set theory and Fuzzy C-Means for network intrusion detection. The first step consists of feature selection, which is based on rough set theory. The next phase is clustering by using Fuzzy C-Means. Rough set theory is an efficient tool for further reducing redundancy. Fuzzy C-Means allows the objects to belong to several clusters simultaneously, with different degrees of membership. To evaluate the performance of the introduced approaches, we apply them to the international Knowledge Discovery and Data mining intrusion detection dataset. In the experiments, we compare the performance of two rough set theory based hybrid methods for network intrusion detection. Experimental results illustrate that our algorithms are accurate models for handling complex attack patterns in large networks, and these two methods can increase the efficiency and reduce the dataset by looking for overlapping categories.
Abstract: Cloud computing provides easy and on-demand access to computing resources in a configurable pool. The flexibility of the cloud environment attracts more and more network services to be deployed on the cloud using groups of virtual machines (VMs), instead of being restricted to a single physical server. When more and more network services are deployed on the cloud, the detection of intrusions like Distributed Denial-of-Service (DDoS) attacks becomes much more challenging than on traditional servers, because even a single network service is now possibly provided by groups of VMs across the cloud system. In this paper, we propose a cloud-based intrusion detection system (IDS) which inspects the features of data flow between neighboring VMs, analyzes the probability of being attacked on each pair of VMs and then regards it as independent evidence using Dempster-Shafer theory, and eventually combines the evidence among all pairs of VMs using the method of evidence fusion. Unlike the traditional IDS that focuses on analyzing the entire network service externally, our proposed algorithm makes full use of the internal interactions between VMs, and the experiment proved that it can provide more accurate results than the traditional algorithm.
Funding: This work was partially supported by the National Natural Science Foundation of China under Grants No. 61272451, No. 61103220, No. 61173154, No. 61173175, and the National Critical Patented Projects in the next generation broadband wireless mobile communication network under Grant No. 2010ZX03006-001-01.
Abstract: Wireless Mesh Networks (WMNs) have many applications in homes, schools, enterprises, and public places because of their useful characteristics, such as high bandwidth, high speed, and wide coverage. However, the security of wireless mesh networks is a precondition for practical use. Intrusion detection is pivotal for increasing network security. Considering the energy limitations in wireless mesh networks, we adopt two types of nodes: Heavy Intrusion Detection Node (HIDN) and Light Intrusion Detection Node (LIDN). To conserve energy, the LIDN detects abnormal behavior according to probability, while the HIDN, which has sufficient energy, is always operational. In practice, it is very difficult to acquire accurate information regarding attackers. We propose an intrusion detection model based on the incomplete information game (ID-IIG). The ID-IIG utilizes the Harsanyi transformation and Bayesian Nash equilibrium to select the best strategies of defenders, although the exact attack probability is unknown. Thus, it can effectively direct the deployment of defenders. Through experiments, we analyze the performance of ID-IIG and verify the existence and attainability of the Bayesian Nash equilibrium.
Abstract: In this paper, we consider a cost-based extension of intrusion detection capability (CID). An objective metric motivated by information theory is presented, and based on this formulation, a package for computing the intrusion detection capability of an intrusion detection system (IDS), given certain input parameters, is developed using Java. In order to determine the expected cost at each IDS operating point, the decision tree method of analysis is employed, and plots of expected cost and intrusion detection capability against false positive rate were generated. The point of intersection between the maximum intrusion detection capability and the expected cost is selected as the optimal operating point. Considering an IDS in the context of its intrinsic ability to detect intrusions at the least expected cost, findings revealed that the optimal operating point is the most suitable for the given IDS. The cost-based extension is used to select the optimal operating point, calculate expected cost, and compare two actual intrusion detectors. The proposed cost-based extension of intrusion detection capability will be very useful to information technology (IT), telecommunication firms, and financial institutions, for making proper decisions in evaluating the suitability of an IDS for a specific operational environment.
Abstract: Wireless ad hoc network is becoming a new research frontier, in which security is an important issue. Usually some nodes act maliciously and they are able to do different kinds of Denial of Service (DoS). Because of the limited resources, an intrusion detection system (IDS) that runs all the time to detect intrusion of the attacker is a costly overhead. In our model, we use game theory to model the interactions between the intrusion detection system and the attacker, and a realistic model is given by using a Bayesian game. We solve the game by finding the Bayesian Nash equilibrium. The results of our analysis show that the IDS could work intermittently without compromising on its effectiveness. At the end of this paper, we provide an experiment to verify the rationality and effectiveness of the proposed model.